UK taxpayers are under an increased risk of deception. This is in the form of fraudulent messages purporting to be from the tax office – His Majesty’s Revenue and Customs (HMRC). In the first half of 2025, HMRC received 38,012 phishing reports. Furthermore, since 2023, there have been 283,000 reports of emails impersonating the revenue service.
These data come from a new study by Bridewell, a UK-based cybersecurity company.
Alongside conventional phishing via email, cyber criminals are also conducting smishing (phishing carried out via SMS). The latest Cyber Security Breaches Survey reveals that 85 percent of UK businesses experienced a phishing attack last year.
These scams are no longer the clumsy attempts they used to be. They are smart, timely, well-researched, and often convincing. British businesses have already warned that they are seeing an increase in highly personalised phishing attempts, thanks to AI analysis of online profiles.
These tactics, which often involve impersonating trusted institutions such as banks, government agencies, and retailers, are designed to trick individuals into divulging personal information, passwords, or even making payments under false pretences.
These schemes operate across various platforms, including text messages, social media, and even voice calls, making it increasingly difficult to distinguish legitimate communication from fraudulent activity.
The rise of phishing and smishing scams has reached alarming levels, with HMRC receiving a staggering296,000 reports since 2023. Over 283,000 of these reports were for emails impersonating the revenue service. While SMS-based impersonation attempts are less prolific, there have still been 13,250 reports to HMRC in the last two years.
This latest data reveals the growing scale of the problem as fraudsters attempt to exploit digital platforms to target taxpayers. HMRC’s figures assess the impact of these scams on the UK public. These data reveal that in the first six months of 2025 alone, HMRC has received 38,012 reports of phishing attempts and 3,190 reports of smishing.
However, the number of phishing reports to the HMRC has slowed down. In 2023, there were 148,909 phishing reports to the HMRC, which decreased by 35 percent to 96,252 in 2024. In contrast, the number of smishing reports to HMRC has increased 46 percent from 4,086 to 5,974.
Luiz Simpson, Head of Red Team at Bridewell tells Digital Journal in a statement: “Social engineering is an often-overlooked security threat that is used to manipulate people. This manipulation can encompass a broad range of objectives whereby a victim is tricked into doing something that helps the attacker. Often, this is encouraging them to click malicious links, but the goal could also be to install malware or trigger fraudulent transactions.“
Manipulating AI, cyber criminals are becoming increasingly convincing by creating fake websites that mimic legitimate services or sending SMS alerts that look like they are from trusted sources.
