Thursday, 4 December 2025

⚠️ Current UK Cyber Threat Landscape: Phishing Trends to Watch 2025 🇬🇧

While the classic "mailbox full" scam is still used, cybercriminals in the UK are using much more sophisticated tactics right now. The latest data shows that phishing remains the most common form of cyber attack across businesses and individuals.

Here are three major scam trends you need to be aware of:

1. Delivery & Parcel Scams (Smishing) 📦

Especially around the busy holiday seasons, fraudulent texts (called Smishing) and emails impersonating major couriers are rampant.

  • The Scam: You receive an urgent text or email claiming there's an unpaid re-delivery fee (£1-£2), a problem with your address, or customs duty that must be paid immediately to release a parcel.

  • The Goal: To get your bank card details for the small fee. Once they have those details, they can use them for other fraudulent transactions.

  • How to Spot It:

    • The Fee is Fake: Major UK couriers will never charge a re-delivery fee via a text message.

    • Vague Details: The message rarely includes your name or specific order details (e.g., what you ordered).

    • Action: If you are expecting a parcel, never click the link. Go to the official courier website or app and use your genuine tracking number to check the status.

2. AI-Powered Impersonation (Deepfakes & BEC) 🤖

Phishing is getting harder to spot because AI tools are eliminating the classic red flags like poor spelling and grammar. This is a huge threat to businesses, but individuals are also at risk.

  • The Scam: Scammers use AI to craft highly convincing, flawless messages. For businesses, this includes Business Email Compromise (BEC) where they impersonate a CEO, CFO, or a trusted vendor, often with details scraped from LinkedIn or public profiles.

    • The scammer might even use deepfake voice technology to call an employee, sounding exactly like a senior leader, and demand an urgent, secret bank transfer.

  • The Goal: High-value fraud, like large bank transfers or the theft of sensitive company data.

  • How to Spot It:

    • Verify Out-of-Band: Always verify an unusual or urgent financial request through a secondary method. If your CEO emails asking for a transfer, call them on their known phone number to confirm—don't reply to the email.

    • Question the Urgency: Scammers rely on panic. Any request for an immediate, large, or unusual transfer should be a major warning sign.

3. HMRC & Government Refund Scams 💰

These scams are perennial but remain highly effective, often peaking around tax deadlines.

  • The Scam: You receive an email or text claiming you are entitled to a tax refund or rebate from HMRC and must click a link to input your details to claim the money.

  • The Goal: To steal your financial and personal information, which is then used for identity theft.

  • How to Spot It:

    • HMRC's Rule: HMRC will never notify you of a tax rebate or ask for personal details via email, text message, or WhatsApp. They will always use official correspondence (like a letter) first, or tell you to check your Government Gateway account.

    • Suspicious Phone Calls: Be wary of automated calls threatening a lawsuit or arrest over unpaid tax—these are aggressive scams designed to scare you into making an immediate payment (often via gift cards or bank transfer, which HMRC would never request).

What to Do: Remember the Reporting Numbers

You did exactly the right thing with your suspicious email. Keep these essential UK reporting contacts handy:

Type of Scam | What to Do | Reporting Contact
Suspicious Email | Forward it. DO NOT click any links. | report@phishing.gov.uk
Suspicious Text (Smishing) | Forward the whole message. | 7726 (Free service)
Lost Money or Hacked | Report the crime immediately. | Action Fraud (England/Wales) or Police Scotland (Scotland)

Reporting Fraud and Cyber Crime in the UK

The service for reporting fraud and cyber crime in England, Wales, and Northern Ireland has been transitioning from Action Fraud to a new service called Report Fraud.

  • For England, Wales, and Northern Ireland:

    • Online: Visit the new service at reportfraud.police.uk.

    • Phone: Call 0300 123 2040.

    • Note: All traffic to the old Action Fraud website is automatically redirecting to the new Report Fraud service.

  • For Scotland:

    • Continue to report to Police Scotland by calling 101.

  • If you or someone else is in immediate danger or risk of harm, always dial 999.

What to do if you have suspicious messages or websites:

  • Suspicious Emails: Forward them to the Suspicious Email Reporting Service (SERS): report@phishing.gov.uk.

  • Suspicious Text Messages: Forward them free of charge to 7726.

  • Suspicious Phone Calls: You can report scam call numbers free of charge by texting 7726 with the word 'Call' followed by the scam caller's number.

  • Suspicious Websites: You can report a scam website to the National Cyber Security Centre (NCSC) directly to help them investigate and remove it.

🚨 Phishing Alert: Don't Fall for the "Mailbox Full" Scam! 📧

 


We've all been there: a quick glance at your inbox reveals an urgent-looking message. But before you click anything, take a second look. A recent scam email, cleverly designed to look like a genuine "Account Safety Desk" alert, is trying to trick users into giving away their details.

What the Scam Looks Like

A user recently reported receiving an email with a subject line like "Re: DK" (which is suspiciously vague) or similar, but the content is what makes it dangerous:

  • Urgent Warning: It claims your "mailbox is at 96%" and that "Space is running low and email delivery may fail." This is designed to cause panic and make you act without thinking.

  • The Big Blue Button: There's a prominent button labelled "Upgrade Storage" (often in a bright, inviting colour). DO NOT CLICK THIS.

  • Suspicious Sender: The email in the reported case was sent from a highly generic and non-official-looking address (e.g., <avictor_331conant@hotmail.com>), even though it's warning about a completely different service.

🛑 What Happens if You Click "Upgrade Storage"?

If you click the button, you are usually taken to a convincing but fake sign-in page. The scammers' goal is to steal your email login credentials (your username and password). Once they have these, they can:

  1. Access all your private emails.

  2. Send malicious emails to your contacts, using your trusted name.

  3. Use your email to reset passwords on other accounts (like banking, shopping, or social media).

✅ What Should You Do Instead?

The user who reported this did exactly the right thing! Here’s the official advice for anyone receiving a suspicious email:

  1. Stop and Think: Does your legitimate email provider usually send storage warnings like this? Most major providers (like Google, Microsoft, Yahoo) usually manage storage more subtly within the account itself, not via urgent, plain emails.

  2. Check the Sender: Look closely at the "From" address. If it doesn't match the official domain of the service it claims to be (e.g., if it's a Hotmail address warning you about a Gmail account), it’s almost certainly a scam.

  3. DO NOT CLICK any links or buttons in the suspicious email.

  4. Report It: Forward the suspicious email to the UK's dedicated reporting service: report@phishing.gov.uk. This service, run by the National Cyber Security Centre (NCSC), analyses the emails and takes down the malicious websites.

  5. Delete It: Once reported, delete the email immediately from your inbox and your trash folder.
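The "Check the Sender" and urgency checks above can be automated for a shared mailbox or help desk queue. The following is an added example, not part of the original post: the sample message is constructed from the indicators described here, and the sender address, link host and `mail-provider.example` domain are placeholders.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Assumption: consumer webmail domains a provider's service desk would not send from.
FREE_MAIL = {"hotmail.com", "outlook.com", "gmail.com", "yahoo.com"}
# Pressure phrases quoted in the scam described above.
URGENCY = [r"mailbox is at \d+%", r"space is running low",
           r"email delivery may fail", r"upgrade storage"]

# Constructed sample; sender address and link host are placeholders.
SAMPLE = """\
From: Account Safety Desk <sender@hotmail.com>
To: user@example.org
Subject: Re: DK
Content-Type: text/html

<p>Your mailbox is at 96%. Space is running low and email delivery may fail.</p>
<a href="http://storage-upgrade.example/login">Upgrade Storage</a>
"""

def triage(raw, official_domains):
    """Return indicator codes; official_domains are your provider's real domains."""
    msg = message_from_string(raw)
    display, addr = parseaddr(msg.get("From", ""))
    domain = addr.rpartition("@")[2].lower()
    # Collect every non-container part so multipart mail is covered too.
    parts = [p.get_payload(decode=True) or b"" for p in msg.walk()
             if not p.is_multipart()]
    body = b" ".join(parts).decode("utf-8", "replace")

    def official(host):
        host = host.lower()
        return any(host == d or host.endswith("." + d) for d in official_domains)

    findings = []
    if not official(domain):
        findings.append(("sender_not_official", domain))
    if domain in FREE_MAIL and re.search(r"desk|support|security|admin", display, re.I):
        findings.append(("service_name_on_free_webmail", display))
    hits = [p for p in URGENCY if re.search(p, body, re.I)]
    if hits:
        findings.append(("urgency_phrases", len(hits)))
    for host in re.findall(r'href="https?://([^/"]+)', body, re.I):
        if not official(host):
            findings.append(("offsite_link", host))
    return findings

if __name__ == "__main__":
    for finding in triage(SAMPLE, {"mail-provider.example"}):
        print(finding)
```

A message that raises any of these indicators should be forwarded to report@phishing.gov.uk rather than opened further.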

Stay vigilant and keep your accounts safe! A moment of caution can save you a lot of future hassle.


Tuesday, 2 December 2025

Bexley Crime stats ward summary Nov 2025

Source: Bexley Watch Viz
