Don’t get hooked: new warning urges the public to continue reporting phishy emails and texts with 41 million already reported

As of April 2025, the total number of phishing scams reported to the Suspicious Email Reporting Service (SERS) reached over 41 million since its launch in April 2020. This has resulted in 217,000 scams being removed from across 393,395 websites pages by the National Cyber Security Centre.

Insight revealed by Action Fraud shows the top industries impersonated in reported phishing emails were streaming services, tech and telecommunication companies, with some posing as various UK government schemes. 

Action Fraud, the national fraud and cyber crime reporting service, launched a phishing awareness campaign to urge the public to beware of phishing scams and report all emails and messages if they look suspicious. 

Spam calls and suspicious text messages can be reported too. By using 7726, a free service offered by mobile network providers, customers can forward suspicious text messages, which helps the removal of scam websites and allows networks to block users sending scam text messages. Between April 2020 and April 2025, more than 27,000 scams were removed as a result of being reported using 7726.

What is phishing?

'Phishing', ‘quishing’ or ‘smishing’ is when criminals use fake emails, text messages, QR codes, or phone calls to trick victims. 

The goal of a phishing message is to encourage the victim to click a malicious link, or scan a fraudulent QR code, which usually leads them to a genuine-looking website, designed to make victims part way with their financial and/or personal information. Criminals will use well-known brands or organisations the victim already has a connection with, like a bank or tradesperson, to make fake emails seem genuine and more convincing. 

How can you protect yourself?

If you’ve received an email that doesn’t feel right, STOP! 

1. break the contact – don’t reply, click on any links, call any phone numbers or make any payments 

2. check if it’s genuine: contact the organisation directly using an email address or phone number you know is correct, e.g. from your utility bills, via a search engine, on the back of your card or by calling 159 for banks 

3. before you delete the email, forward it to report@phishing.gov.uk 

If you’ve received a text message that doesn’t feel right, STOP! 

1. break the contact – don’t reply, click on any links, call any phone numbers or make any payments 

2. check if it’s genuine: contact the organisation directly using an email address or phone number you know is correct, e.g. from your utility bills, via a search engine, on the back of your card or by calling 159 for banks 

3. forward the message for free to 7726 

If you’ve received a call that doesn’t feel right, STOP! 

1. hang up 

2. check if it’s genuine: contact the organisation directly using contact details you know are correct, such as those on a utility bill, official website, the back of your card or by calling 159 for your bank 

3. don’t trust the Caller ID display on your phone – it’s not proof of ID 

4. report it by sending a text to 7726 with the word ‘call’ followed by the scam caller’s number 

For more advice on how to protect yourself from fraud: https://stopthinkfraud.campaign.gov.uk/

If you’ve lost money or provided financial information as a result of a phishing scam, notify your bank immediately and report it to Action Fraud at actionfraud.police.uk or by calling 0300 123 2040. In Scotland, call Police Scotland on 101.