Don’t Get Hooked: Over 41 Million Phishing Scams Reported – Why Vigilance Still Matters

Phishing scams remain one of the most persistent and effective cyber threats facing the UK public and businesses alike. New figures from the National Cyber Security Centre (NCSC) and Action Fraud reveal just how widespread the problem has become—and why continued awareness and reporting are critical in keeping individuals and organisations safe.

As of April 2025, over 41 million phishing scams have been reported to the Suspicious Email Reporting Service (SERS) since its launch in April 2020. These reports have led to the removal of more than 217,000 scams across 393,395 individual website pages, highlighting the vital role public reporting plays in disrupting fraudsters’ operations.

What is Phishing?

Phishing—also referred to as smishing (via SMS), quishing (via QR codes), or vishing (via phone calls)—is when cyber criminals send fake messages designed to trick recipients into clicking on malicious links, sharing personal data, or making payments. These scams often impersonate trusted brands such as banks, streaming platforms, or government bodies, making them deceptively convincing.

The goal is simple: to steal money, login credentials, or sensitive information by misleading victims with genuine-looking messages.

Most Common Targets

Action Fraud data shows that the most impersonated sectors in phishing scams include:

• Streaming services (e.g. Netflix, Spotify)

• Tech and telecoms companies

• UK Government schemes (e.g. tax rebates or energy grants)

• These scams are often delivered via emails or texts and frequently create a sense of urgency or authority, pressuring recipients to act quickly without verifying the legitimacy of the message.

How to Respond to Suspicious Messages

If you receive a message—email, text or phone call—that doesn’t feel right, follow this golden rule: Stop. Think. Report.

For Emails:

• Don’t click any links, open attachments, or reply.

• Contact the organisation using verified contact details (e.g. on their official website or utility bills).

• Forward the suspicious email to: report@phishing.gov.uk

  
  

For Text Messages:

• Don’t respond or click any links.

• Forward the message to: 7726 (a free spam-reporting service run by mobile networks).

• Report the scam and delete the message.

For Phone Calls:

• Hang up immediately if something doesn’t feel right.

• Never share personal or financial details over the phone.

• Report scam calls by texting 7726 with the word “call” and the number that rang you.

Action Fraud Urges the Public to Keep Reporting

According to Superintendent Amanda Wolf, Head of the National Fraud Intelligence Bureau, reporting phishing attempts plays a key role in identifying and dismantling fraud campaigns before they affect more people. “Every phishing email reported helps us gain a better understanding of the tactics being used,” she says. “The more reports we receive, the more people we can protect.”

Even when you’re not sure if a message is fake, reporting it helps authorities detect trends and shut down malicious websites faster.

What to Do if You Fall Victim to a Scam

If you believe you’ve clicked a malicious link or shared information as part of a phishing scam:

• Contact your bank immediately to protect your accounts.

• Report the incident to Action Fraud via www.actionfraud.police.uk or by calling 0300 123 2040.

• In Scotland, report directly to Police Scotland by calling 101.

• You can also find further tips and advice on staying safe at: Stop Think Fraud

Final Thoughts

Phishing may be evolving, but so is our collective ability to fight back. By staying alert, double-checking communications, and reporting anything suspicious, individuals and businesses can play a direct role in reducing the spread and success of online scams.

Don’t let cyber criminals catch you off guard—Stop. Think. Report. Every report makes a difference.