Phishing reports impersonating HM Revenue & Customs (HMRC), the British national tax authority, appear to be slowing, according to a new study by Bridewell.
The UK-based critical infrastructure cybersecurity provider collected data from a Freedom of Information (FOI) request about individuals who reported attempts to impersonate HMRC between January 1, 2023, and June 2, 2025.
In its findings, published on September 10, the firm observed an overall downward trend relating to email and SMS-based phishing attempts impersonating HMRC.
Between January and June 2025 there was a total of 41,202 phishing reports, down from 102,226 in 2024 and 152,995 in 2023.
While the 2025 figures only covered the first half of the year, if the pace continues, reports could fall by nearly 60% compared to last year’s total.
The downward trend is most prominent in relation to email-based phishing, with 38,012 reports for the first half of 2025, down from 96,252 in 2024 and 148,909 in 2023.
However, SMS-based phishing attempts appear to be on an upward trajectory, with 3190 reports in the first half of 2025. This accounts for almost two-thirds of the total SMS phishing reports in 2024 (5974) and over three-quarters of those for 2023 (4086).
AI-Powered Phishing, A Step Up in Sophistication
Despite a global trend downward, Bridewell warned that tax refund phishing remains a concerning threat, with HMRC receiving a staggering 296,000 reports over the past two and a half years.
Luiz Simpson, head of red team at Bridewell, emphasized that social engineering techniques are getting more sophisticated and harder to detect, in part thanks to AI.
“AI can analyse the way real companies communicate and then replicate it in phishing emails or text messages. This is why vigilance is critical, and we can no longer rely on the standard red flags, like poor grammar or spelling, to tell us something is off,” she said.
“The advice is clear. Firstly, you should pause and think when you receive a suspicious email. You should never click on suspicious links or open attachments in emails or SMS messages, and you should always verify the authenticity of any communication by visiting HMRC’s official website directly,” she also advised.
Bridewell also highlighted that the latest HMRC’s global Cyber Security Breaches Survey, published in June 2025, revealed that 85% of UK businesses experienced a phishing attack last year.
