SecurityBrief UK - Technology news for CISOs & cybersecurity decision-makers

UK retailers hit by surge in AI-powered phishing & vishing scams

Thu, 30th Oct 2025

New research has revealed a significant shift in cybercriminal tactics driving increased phishing attack volumes, with substantial impacts on major UK retailers and a notable surge in phone-based attacks.

The 2025 Phishing Threat Trends Report Vol. Six draws attention to changing methods used by attackers and points to a growing need for organisations to adapt their security responses to these evolving threats.

Retail breaches

One of the report's most prominent findings concerns the cybercriminal group Scattered Spider, which targeted several high-profile retailers in 2025. Among the named companies were M&S, Co-Op, and Harrods. The breaches are reported to have caused damages and losses amounting to hundreds of millions.

After infiltrating these retailers, attackers launched secondary phishing campaigns that impersonated the compromised brands, seeking to harvest customer credentials. The report details that Scattered Spider leveraged a blend of technical and human-targeting tactics, including sophisticated social engineering, vishing (voice phishing), multi-factor authentication (MFA) bombing, and credential harvesting. These combined approaches enabled attackers to bypass traditional defences.

Increase in vishing

The report also records a marked increase in the use of phone-based phishing attacks. Known as vishing, these attacks rose by 449% compared to the previous year. Phone numbers appeared as the sole payload in 5.5% of phishing emails observed by researchers.

The use of artificial intelligence to generate voices was prevalent, with 77% of callback numbers utilising AI-generated voices. Furthermore, the majority of vishing attacks (69%) were financially motivated, involving fraudulent requests for bank detail changes, refunds, or transfers.

Legitimate platforms exploited

Another significant shift highlighted in the report is the increased abuse of legitimate platforms such as QuickBooks, Zoom, SharePoint, and PayPal by cybercriminals, which rose by 67% year-to-date. By sending phishing emails from these trusted domains, attackers succeeded in bypassing standard security protocols.

The report notes that these emails passed DMARC authentication 100% of the time. The ability of such scams to evade traditional detection has complicated the response required by organisations, as they must now defend against attacks originating from platforms normally considered safe.
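The two findings above (phone numbers as the sole payload, and platform-sent mail that passes DMARC) can be combined into a triage check. The Python below is an added example, not code from the report or this article; the platform domain list, the gateway name mx.example.org and the sample message are assumptions constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Assumption: sending domains for the platforms the report names; use your own list.
PLATFORM_DOMAINS = {"intuit.com", "zoom.us", "sharepointonline.com", "paypal.com"}
PHONE_RE = re.compile(r"(?<!\w)\+?\d[\d\s().-]{7,}\d(?!\w)")  # heuristic, not E.164 validation
URL_RE = re.compile(r"https?://\S+", re.I)

def dmarc_result(msg, authserv_id):
    """DMARC verdict stamped by our own gateway; headers from other hosts are ignored."""
    for value in msg.get_all("Authentication-Results", []):
        server, _, results = value.partition(";")
        if server.lower().split()[:1] == [authserv_id]:
            if (m := re.search(r"\bdmarc=(\w+)", results, re.I)):
                return m.group(1).lower()
    return None

def body_text(msg):
    """Concatenate the text/plain parts (HTML-only mail would need an HTML-to-text step)."""
    chunks = []
    for part in msg.walk():
        if part.get_content_type() == "text/plain" and not part.get_filename():
            raw = part.get_payload(decode=True) or b""
            chunks.append(raw.decode(part.get_content_charset() or "utf-8", "replace"))
    return "\n".join(chunks)

def triage(raw, authserv_id="mx.example.org"):  # hypothetical gateway name
    msg = message_from_string(raw)
    domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    body = body_text(msg)
    result = {
        "dmarc": dmarc_result(msg, authserv_id),
        "platform_sender": any(domain == d or domain.endswith("." + d) for d in PLATFORM_DOMAINS),
        "phone_only": bool(PHONE_RE.search(body)) and not URL_RE.search(body)
                      and not any(p.get_filename() for p in msg.walk()),
    }
    # A DMARC pass proves the platform sent it, not that the content is benign.
    result["review"] = result["dmarc"] == "pass" and result["platform_sender"] and result["phone_only"]
    return result

# Constructed sample: an "invoice" relayed by a platform, callback number as the only payload.
SAMPLE = (
    "Authentication-Results: mx.example.org; spf=pass; dkim=pass; dmarc=pass header.from=paypal.com\n"
    "From: Billing <service@paypal.com>\nSubject: Invoice 0000\n\n"
    "You were charged 499.99 GBP. To dispute this charge call 020 7946 0123.\n"
)
if __name__ == "__main__":
    print(triage(SAMPLE))
```

A message flagged for review here is a candidate for analyst or user-report workflows, not an automatic block, since legitimate platform mail can also carry a support number.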

Changing attack patterns

Jack Chapman, Senior Vice President of Threat Intelligence at KnowBe4, commented on the evolving threat landscape and the implications for organisational preparedness:

"As cybercriminals bypass technical defenses using techniques such as hijacking legitimate platforms and manipulate victims through a variety of sophisticated social engineering methods, organizations need to prioritize workforce trust management. The findings from this report revealed that attackers demonstrated clear seasonal targeting throughout 2025, exploiting HR topics in January, Valentine's promotions in February, tax deadlines in April, and major events like the U.S. Open. As more attacks find their way through traditional email security defenses, it is critical that organizations evolve their tech stack to implement AI-driven detection that works within a holistic human risk management (HRM) ecosystem."

The report also details a pattern of seasonal targeting by attackers throughout the year. Criminals were found to exploit specific events and periods, such as human resources topics in January, Valentine's Day promotions in February, tax deadlines in April, and major sporting events like the U.S. Open. This allowed attackers to tailor their lures to current topics, increasing the likelihood of victims engaging with malicious content.

Industry response

The research highlights a clear trend towards combining technical exploits with focused manipulation of human behaviour. The findings suggest that evolving resilience and ensuring comprehensive defence strategies, including a focus on human risk management and AI-enabled detection, are essential for organisations to address these new threats.
