The telecoms regulator, Ofcom, has today given UK phone providers (fixed line and mobile) six months to implement changes that aim to help tackle scammers who call from abroad and imitate UK landline numbers (i.e. spoofed calls), which requires stricter measures against “Presentation Numbers” that are used to identify who is making a call.
Most of the United Kingdom’s major broadband, phone and mobile network providers have already implemented various technical measures to tackle Nuisance Calls and Scam Calls. But these aren’t always 100% effective, and there are still plenty of operators that could do more.
Back in 2022 Ofcom attempted to clampdown on such calls by requiring all telephone networks involved in transmitting calls – either to mobiles or landlines – to identify and block spoofed calls, albeit only “where technically feasible” to do so (here). The move improved the accuracy of Calling Line Identification (CLI) and they also made it harder for scammers to access valid phone numbers by introducing additional checks.
Advertisement
However, scammers, such as those who make a call from abroad, could still spoof their number to make it look like the call is from a trusted UK-based organisation or person, when in fact they are actually calling from another country. Calls like this are naturally more likely to be answered and thus Ofcom have been working with the industry to tackle this.
There are generally two numbers associated with an incoming call: the Network Number, which identifies where the call is being made from; and the Presentation Number, which identifies who is making the call.
In most cases the Network and Presentation Number are the same, but there are some scenarios where a caller may wish to display a different number to the line the call is being made from (e.g. an outsourced call centre that makes calls on behalf of different businesses, or businesses which may wish to display a single number for outbound calls).
Ofcom are, firstly, updating their CLI Guidance to confirm that phone providers are expected to identify and block calls from abroad that use a UK geographic or non-geographic telephone number as a Presentation Number, except in a limited number of legitimate use cases (i.e. removing a loophole through which scammers can spoof a UK number from abroad).
Advertisement
“BT has already prevented up to one million calls per day from entering its network within the first month of implementing these measures on a voluntary basis, and our guidance will ensure this becomes standard practice across the industry,” said Ofcom’s statement. Ofcom has given the industry until 29th January 2025 (six months) to implement this.
Lindsey Fussell, Ofcom’s Group Director for Networks and Comms, said:
“Criminals who defraud people by exploiting phone networks cause huge distress and financial harm to their victims. While there’s encouraging signs that scam calls and texts are declining, they remain widespread and we’re keeping our foot to the throttle to find new and innovative ways to tackle the problem.
Under our strengthened industry guidance, millions more scam calls from abroad which use spoofed UK landline numbers will be blocked – with similar plans underway for calls which spoof UK mobile numbers. We’re also challenging the industry and other interested parties to provide evidence on the best solutions to tackle mobile messaging scams.”
In addition to this change, Ofcom has also called for industry feedback on some additional changes. The first of two new Call for Inputs (Options to address mobile spoofing) will seek views on the potential for implementing different technical solutions to tackle scam calls from abroad which spoof UK mobile numbers.
The regulator’s existing rules don’t require operators to block all calls from abroad with +447 numbers, which is so that genuine calls from UK callers roaming abroad are not blocked (overblocking). But work has been ongoing to find technical solutions to this issue by identifying legitimate UK roamers and blocking or reducing calls which spoof UK mobile numbers, although they’ve yet to identify a preferred approach.
However, if the regulator does decide to introduce new regulation on this issue, then another consultation is expected to follow during Spring 2025.
Advertisement
Ofcom Statement
There are two broad technical solutions being actively explored both in the UK and abroad. One group of options under consideration involves the provider that is bringing the call into the UK (referred to in this document as the ‘international gateway provider’) proactively undertaking checks to ascertain whether a specific number calling from abroad is indeed roaming.
The second group under consideration involves the international gateway provider identifying mobile calls coming from abroad, modifying the data associated with such calls, and then usually forwarding them to the caller’s home mobile network, where further validation checks may take place.
However, there is no clear consensus across industry on the preferred solution. Our evidence on the scope and scale of the problem of calls spoofing UK mobile numbers is also limited. Anecdotally, industry has told us that, as we have closed other spoofing routes, scammers are moving to spoof UK mobile numbers. This means that, while current volumes of such calls may be low, there is a risk that scammers will exploit this opportunity further in the future.
The second Call for Input (Reducing mobile messaging scams) is a little more mundane and appears to be seeking views on text message (SMS and RCS) based scams (but not WhatsApp-like services as those fall under the Online Safety Act), which is intended to help Ofcom’s understanding of the market including new analysis of how scams are perpetrated within it, and evidence on the current scale of the problem.
The tricky part in all of the above changes stems from the inherent problem of implementing such rules without also over-blocking legitimate voice calls and messages, which is easier said than done – particularly at a time when the UK is in the middle of a transition from analogue to IP-based (digital) phone services.
Today’s update attempts to address the problem via rule changes, but once all phone services have gone digital (IP-based) then more methods will become viable (e.g. CLIa / CLI Authentication – here).
A lot of the issues originate from from companies selling your details or tracking cookies. 10 years ago I put £10 on a Giffgaff sim and that’s in an Alcatel burner phone and whenever I use a service online, I use that number and not my regular mobile
The alcatel is on silent and gets calls every single day yet we never get any on our mobile
Great idea
I don’t do this myself but it is a big reason why I hesitate to give my phone number out to any service. The landline number gets junk calls several times a week and nobody answers it any longer especially since it is now upstairs plugged into the back of the router.
Everyone seems to want to sell your number. I did some government funded training a few years back and very shortly after giving my phone number the spam calls started. Of course they died down after about 2 or so months after not never answering a single call but it is pathetic how quick your phone number and other data will be sold once it is handed out
Forgive my ignorance, but how can a company get your phone number from tracking cookies from your web browser?
It is a tricky situation.
I used to use True Caller app like on my phone but never got 100% protected.
As I also live in France for a few weeks each year, I happened to learn the local Ofcom equivalent (named Arcom) ruled that call centres must use phone number identifiers from given ranges, they are not allowed to use mobile-phone-like numbers and are forbidden to spoof their numbers.
Which I believe it does not exist in the UK.
There used to be a crowd source free French application (only covering this territory and its numbers) which unfortunately changed to subscription only.
However, people have turned to use the free Begone App, in which users can create a list of identifiers to block large ranges of numbers. The list can be exported and shared to other users for free.
Someone shared his list of French blocked identifiers on Github.
Had Ofcom made the same regulations, UK citizens could have used the same strategy.
I personally added a few ranges, and never had a nuisance call again.
I believe there is a text messages blocker equivalent from the same developer, but I rarely get scam texts.
Luckily my phone does block numbers that are suspicious and of course can be scammers very quickly and efficiently. Not everyone is lucky
I found using BT’s Digital Voice service with the Advanced Digital Handsets it has become really good at flagging up these nuisance calls.
Getting tough with UK scammers would be a good move too. No more fining then then watching them go bust without paying a penny and then reappearing a few days later under a very similar name and with the boss’s goldfish named as director.
Google pixel’s have a great feature which helps block nuisance calls but then again not everyone can’t afford a top tier phone.
Can telcos tell where VOIP calls, possibly using proxy servers, originate?