The Rise of Smarter Scams: What You Need to Know in 2025

Cybercrime in 2025 is smarter, faster, and harder to detect than ever before. Powered by AI, machine learning and deepfake technologies, today's online scams are not the sloppy impersonations or poorly worded phishing emails of five years ago. They are polished, personalised, and increasingly effective and small and mid-sized UK businesses are a key target.

A report from the UK’s National Cyber Security Centre (NCSC) warned in early 2025 that generative AI is enabling threat actors to scale impersonation attacks, write believable phishing emails, and even produce convincing voice and video deepfakes in minutes. These scams don’t just trick individuals. They penetrate businesses, compromise staff trust, and exploit weak processes.

Here's what’s happening right now and how to respond.

1. AI-Generated Phishing & Vishing

Phishing emails have long been a threat. But in 2025, they’re no longer generic. Criminals are using AI tools to write emails that match the tone of your colleagues, include accurate references to recent projects, and look exactly like something your team would send.

Vishing (voice phishing) is also evolving. Using AI voice cloning, attackers are creating fake voicemails or live calls that sound like a real person often a manager, supplier, or client. In June, US Senator Marco Rubio was targeted using a cloned voice of another political figure in a vishing scam tied to a disinformation campaign【source: Washington Post, July 2025】.

What UK businesses can do:

• Train staff to verify any unexpected or urgent email or call, even if the voice or email appears legitimate.

• Use internal codewords or secondary channels (e.g. Slack or Teams) to confirm identity on high-risk tasks like payments.

2. Deepfake Video & Audio Scams

Deepfakes are no longer experimental. AI tools can now generate realistic videos of CEOs, finance officers, or even celebrities — used to trick staff or customers. Scammers have started using these to:

• Announce fake promotions or investments on social media.

• Request wire transfers or sensitive data from employees.

• Endorse fake crypto or AI products.

This year, several YouTube channels were caught spreading fake videos of tech executives announcing “exclusive offers” that led to phishing pages.

Red flags to look for:

• Videos or audio from known figures that are low-resolution, poorly timed, or vague.

• Urgent financial instructions without prior communication.

3. Fake Job Offers and Recruitment Scams

AI-generated job scams have surged. Fraudsters create fake job ads on LinkedIn and Indeed, then run interviews using AI chatbots or cloned recruiter voices. Victims are asked for sensitive personal information (passport scans, bank details) or charged for fake training and background checks.

This trend is hitting both individuals and HR teams. Scammers have even impersonated real HR managers during fake onboarding.

Advice for SMEs:

• Apply strict controls around who can post job ads and contact applicants.

• Verify candidate details via official contact channels before onboarding.

4. Business Email Compromise (BEC) Using AI Writing Tools

BEC scams where criminals gain access to or spoof executive email accounts — now use AI to mimic writing style with unsettling accuracy. A 2025 report by TechResearchOnline found that AI-assisted BEC attacks had a 48% higher response rate than traditional phishing.

These messages often involve:

• “Urgent” payment requests from finance directors.

• Changes to supplier bank details.

• Confidential HR matters requesting discretion.

What you should implement:

• Mandatory multi-factor authentication (MFA) for all email accounts.

• Strict verification steps for bank detail changes or unexpected financial instructions.

5. QR Code Scams (Quishing)

Criminals are placing malicious QR codes in public spaces — on parking signs, restaurant tables, even fake flyers. Scanning these leads to phishing sites that mimic login pages or payment screens.

With the rise in QR code use, particularly in hospitality and events, this tactic is spreading.

How to reduce risk:

• Instruct staff to verify QR codes before use.

• Use password managers that detect fake login pages.

6. AI-Driven Tech Support Pop-Ups

Another 2025 trend is fake “tech support” alerts powered by AI. These appear as pop-ups or fake antivirus warnings on user screens, urging them to call a support number. The call leads to a scammer offering to “fix” a nonexistent issue often demanding remote access or a fee.

Microsoft and Apple have both issued warnings about such scams this year.

Prevention tips:

• Train staff to close pop-ups and never call numbers provided in error messages.

• Use endpoint security software with real-time threat detection.

7. Clone Retail Sites & Email Phishing Around Sale Events

With Amazon Prime Day, Black Friday and other sales events, scammers are registering lookalike domains and launching fake websites that imitate major retailers. These are often linked from phishing emails and ads on social media.

In June 2025 alone, over 1,200 fraudulent Amazon-like domains were flagged by cyber intelligence firms.

Safeguards:

• Train staff (and customers if applicable) to type web addresses directly into browsers.

• Never log in or make purchases from emailed links unless verified.

Key Takeaways for UK Businesses

• AI is not just a business tool — it’s now a weapon in cybercrime.

• Traditional awareness training is no longer enough. Fraud now looks like your boss, sounds like your colleague, and writes like your team.

• Security culture matters. Verification processes, layered defences, and staff awareness are more important than ever.

Practical Steps to Take Now

• 🔒 Enforce MFA across all platforms.

• 👥 Run updated staff awareness sessions with real 2025 scam examples.

• 🔍 Review and document processes for payments, supplier changes, and data requests.

• 🧠 Introduce AI-generated phishing simulations as part of security training.

• 🛡️ Talk to your MSP or IT provider about tools that can detect and block AI-powered threats in real time.