24 July 2025
A comprehensive 2022 report from the Office for National Statistics has revealed that half of all adults in the UK have received a phishing message..png?lu=615)
The study highlights a sharp rise in cyber threats, with 85% of UK businesses and 86% of charities experiencing at least one phishing attack in the past year. Alarmingly, 32% of these malicious emails are now AI-generated, utilising scraped social media data, dark web information, and real-time language adjustments to deceive victims more effectively.
The report underscores how fraudsters have increasingly exploited behavioural shifts following the COVID-19 pandemic, particularly in online shopping. There has been a ninefold increase in advance fee fraud, where victims are tricked into paying upfront for goods or rewards that never materialise. Consumer and retail fraud has also surged by 57% compared to pre-pandemic levels, with more than half of phishing messages impersonating delivery companies.
The financial impact on businesses is significant, with the average loss from phishing attacks rising to £1,600 in 2024 — a 32% increase from the previous year. Will Ashford-Brown, Director of Strategic Insights at Heligan Group, emphasised the urgent need for better resources and education to combat these threats, warning that a single mistake in handling an email can cause operational chaos.
The National Cyber Security Centre’s (NCSC) Suspicious Emails and Reporting Service (SERS) has received over 32 million reports since its launch in 2020. The service saw a 44% increase in reports in 2023 compared to 2022, reflecting growing public awareness and vigilance. Despite this progress, phishing remains a persistent and escalating threat across the UK.
Research from the Telephone-operated Crime Survey for England and Wales shows that most phishing attempts impersonate delivery companies, financial institutions, e-commerce platforms, and government agencies. To combat this, Ashford-Brown urges businesses to encourage prompt reporting of scams, emphasising the importance of employee training on recognising scam signs. He recommends reducing the amount of personal information shared online and utilising free schemes offered by phone providers to report suspicious messages by forwarding them to 7726.
