
HMRC gets almost 300,000 phishing reports in two years – THINK Digital Partners

HMRC received 38,012 phishing reports in the first half of 2025.
Posted 11 September 2025 by Christine Horton
In the first half of 2025, HM Revenue & Customs (HMRC) received 38,012 phishing reports. It has received a staggering 296,000 reports since 2023. More than 283,000 of these were for emails impersonating the revenue service.
While SMS-based impersonation attempts are less prolific, there have still been 13,250 reports to HMRC in the last two years. 
That’s according to data gathered by UK-based cybersecurity company Bridewell.
Phishing often involves impersonating trusted institutions such as banks, government agencies, and retailers, and is designed to trick individuals into divulging personal information, passwords, or even making payments under false pretences.
The good news to draw from the data is that the number of phishing reports to HMRC has slowed down. In 2023, there were 148,909 phishing reports to HMRC, which decreased by 35 percent to 96,252 in 2024. In contrast, the number of smishing reports to HMRC has increased 46 percent from 4,086 to 5,974.
“Social engineering is an often-overlooked security threat that is used to manipulate people. This manipulation can encompass a broad range of objectives whereby a victim is tricked into doing something that helps the attacker. Often this is encouraging them to click malicious links, but the goal could also be to install malware or trigger fraudulent transactions,” said Luiz Simpson, head of red team at Bridewell.
Now, thanks to AI, cybercriminals are becoming increasingly convincing by creating fake websites that mimic legitimate services or sending SMS alerts that look like they’re from trusted sources.
“AI can analyse the way real companies communicate and then replicate it in phishing emails or text messages. This is why vigilance is critical, and we can no longer rely on the standard red flags, like poor grammar or spelling, to tell us something is off,” said Simpson.
“The advice is clear. Firstly, you should pause and think when you receive a suspicious email. You should never click on suspicious links or open attachments in emails or SMS messages, and you should always verify the authenticity of any communication by visiting HMRC’s official website directly.”