Sunday Security — Week in Review

Sunday, 07 June 2026 — A look back at the week's threats and what's coming next.

📋 This Week at a Glance

  • Phishing attacks dominated — UK banks saw a 140% increase in reported phishing attempts compared to last year
  • AI voice cloning scams spread across Telegram, with UK-specific targeting packages on sale for as little as £80
  • Ransomware claimed 3 UK victims this week, including a GP surgery in Essex and a logistics firm in Manchester
  • Credential leaks continue — 2 new dumps containing UK email addresses were posted on criminal forums
  • DarkWatch logged 8,910 captures across 18 monitored targets

1. Phishing: The Numbers Are Getting Worse

The volume of phishing attacks targeting UK residents is climbing faster than most people realise. Action Fraud data, cross-referenced with our dark web monitoring, shows a clear trend: criminals are automating their campaigns and scaling up.

The banks most targeted this week were Lloyds, HSBC, and Barclays — in that order. The phishing kits used are increasingly sophisticated, with some now including real-time two-factor authentication interception.

What that means for you: if you receive a text or email that looks like it's from your bank, don't click anything. Open your banking app directly or call the number on your card.

2. Ransomware Hits UK Healthcare

The attack on a GP surgery in Essex is particularly concerning. Patient records were encrypted and the attackers demanded £40,000 in Bitcoin. The surgery is still offline as of Sunday evening.

This follows a pattern we've been tracking for months: ransomware groups are deliberately targeting smaller UK healthcare providers because they're less protected than the NHS but just as critical.

What to do about it: if you're waiting to hear from your GP, be patient — they're dealing with the aftermath. If you receive any unexpected emails claiming to be from your surgery asking for payment, it's almost a secondary scam targeting the same victims.

3. Dark Watch Intelligence — Week in Review

Our automated dark web monitoring flagged several significant items this week:

  • 3 new scam kits targeting UK banks appeared on criminal forums
  • 12 Telegram channels dedicated to UK-specific fraud were identified
  • AI voice cloning services are being advertised with UK accents as a selling point
  • Credential dumps containing approximately 15,000 UK email addresses were posted

📡 DarkWatch Stats

Metric This Week
Total captures 8,910
Active targets 18
New credential dumps 6
UK scam kits detected 3
Telegram fraud channels 12

🛡️ Quick Actions for Sunday

  1. Review your bank statements for this week — spot anything unusual?
  2. Check if your email has been in a breach (use haveibeenpwned.com)
  3. Talk to one person in your family about phone scams
  4. Set your phone to silence unknown callers (it's in settings)

🐾 GUARDED BY BULLY — Sources: DarkWatch dark web monitoring, Action Fraud, NCSC, SANS ISC, BleepingComputer, CrowdStrike | 07 June 2026