In 2025, a decrease in tax refund-related phishing incidents was observed in the United Kingdom.
In a recent development, the downward trend in phishing attempts impersonating HM Revenue & Customs (HMRC) has become increasingly prominent. According to a study by Bridewell, a UK-based critical infrastructure cybersecurity provider, published on September 10, 2025, the first half of 2025 saw 41,202 phishing reports, a significant drop from 102,226 in 2024 and 152,995 in 2023.
The latest HMRC's global Cyber Security Breaches Survey, published in June 2025, reveals that 85% of UK businesses experienced a phishing attack last year. This statistic underscores the ongoing threat of phishing, despite the recent decline in reports.
Luiz Simpson, head of red team at Bridewell, attributes this shift to the increasing sophistication of social engineering techniques. He states that AI can analyze the way real companies communicate and replicate it in phishing emails or text messages, making it harder to detect phishing attempts.
Vigilance remains critical, but traditional red flags like poor grammar or spelling may no longer be reliable indicators of a phishing attempt. Bridewell advises individuals to pause and think before clicking on suspicious links or opening attachments in emails or SMS messages. They also recommend verifying the authenticity of any communication by visiting HMRC's official website directly.
Interestingly, while email-based phishing is on a downward trajectory, SMS-based phishing attempts appear to be on an upward one. There were 3190 reports in the first half of 2025, accounting for almost two-thirds of the total SMS phishing reports in 2024 and over three-quarters of those for 2023.
However, the decline in phishing reports impersonating HMRC does not mean that tax refund phishing is no longer a concern. Bridewell warns that HMRC received 296,000 reports over the past two and a half years. They advise the public to remain vigilant and report any suspicious activity to the appropriate authorities.
The study was based on data from a Freedom of Information (FOI) request about individuals who reported HMRC impersonation attempts between January 1, 2023, and June 2, 2025. If the current pace continues, phishing reports could fall by nearly 60% compared to last year's total.
As the cyber threat landscape evolves, it's essential for individuals and businesses to stay informed and vigilant. The decline in phishing attempts impersonating HMRC is a positive sign, but it does not mean that the threat has vanished. With the increasing use of AI in phishing attempts, it's more important than ever to approach all communications with a critical eye.
Read also:
- Web3 social arcade extends Pixelverse's tap-to-earn feature beyond Telegram to Base and Farcaster platforms.
- Navigating the Path to Tech Product Success: Expert Insights from Delasport, a Trailblazer in the Tech Industry
- Online Cyber Assaults May Deter Web Usage Among Younger Generations
- Navigating English for Common Tech and Devices Daily Use
