A 2022 report from the Office for National Statistics, the most comprehensive on phishing to date, has revealed that half of all adults residing in the UK have reported receiving a phishing message.
In the last year, 85% of UK businesses and 86% of charities faced at least one phishing attack, with 32% of phishing emails being AI-generated, leveraging scraped social media or dark web data and real-time language tweaking.
Advance fee fraud
The average loss for businesses from phishing attacks increased to £1,600 in 2024
There has been an increase in the evidence of fraudsters taking advantage of widespread behavioural changes following the COVID-19 pandemic, particularly in online shopping cases.
This includes a nine-fold increase in advance fee fraud, tricking victims into paying an upfront fee in exchange for a larger reward, service, or goods that never materialise, and a 57% rise in consumer and retail fraud from pre-pandemic levels, with more than half of those who received phishing messages reporting them from senders posing as delivery companies.
As such, the average loss for businesses from phishing attacks increased to £1,600 in 2024, rising by 32% over 2023.
Growing public awareness
Phishing messages most commonly impersonate delivery companies, financial institutions
Will Ashford-Brown, Director of Strategic Insights at Heligan Group, said, “UK businesses are lacking the resources and education to safeguard themselves against phishing attacks. It takes one slip-up on one email to cause complete operational chaos.”
The Suspicious Emails and Reporting Service (SERS), run by the National Cyber Security Centre (NCSC), has received over 32 million reports from the public since its inception in 2020.
Notably, there was a 44% increase in reports made in 2023, compared to 2022, indicating, in part, growing public awareness and vigilance against this specific form of cyber threat – a rare positive when appraising the state of cybercrime in the 21st Century, yet phishing continues to surge. According to a Telephone-operated Crime Survey for England and Wales, phishing messages most commonly impersonate delivery companies, financial institutions, e-commerce companies, and government services.
Signs of a scam
“To stay safe, UK businesses must report scams as soon as they can, so they can be dealt with and get them taken down,” Ashford-Brown continued.
“Employees should be strongly encouraged to reduce the amount of personal information they share online, which contributes to the ability of scammers to target businesses.”
“They should also receive training on how to identify the tell-tale signs of a scam. Most phone providers are part of a scheme that allows customers to report suspicious text messages for free by forwarding them to 7726, and this scheme must be encouraged.”
Increase in phishing attacks
“The alarming increase in phishing attacks year-on-year should be a wake-up call for UK businesses. They cannot afford to bury their heads in the sand and must educate all staff members on how to safeguard against phishing. With the correct education and safeguarding, attacks can be easily avoided.”
“Personal information must remain private and off the internet for both business and personal safety. Businesses need to remain vigilant as phishing continues to become a significant threat to the UK,” concluded Ashford-Brown.
Stay ahead of the trends on securing physical access control systems through layered cybersecurity practices.
