Ofcom UK to Restrict Number Spoofing to Tackle Mobile Scam Calls from Abroad
The UK internet content and telecoms regulator, Ofcom, has today proposed changes that will require phone providers to withhold the Caller ID (CLI) of calls that appear to come from a UK mobile roaming abroad unless they can verify its validity. The goal is to tackle scam calls by cracking down on number “spoofing“.
Just to recap. Most of the country’s major broadband, phone and mobile providers have already implemented various technical measures to tackle Nuisance Calls and Scam Calls. But these aren’t always 100% effective, and not all operators have introduced the same level of protections. Suffice to say, there’s still plenty of scope for improvement, and so Ofcom have been gradually introducing further changes.
For example, at the start of 2025 the regulator implemented changes that aimed to block scammers who call from abroad and imitate UK landline numbers (i.e. spoofed calls), which imposed stricter measures against “Presentation Numbers” (here). The move was useful because otherwise potential victims might trust a UK number more than an international one, and thus related calls are more likely to be answered.
Advertisement
However, the above change only worked for landlines, and today’s new proposal is intended to extend that to tackle spoofed mobile numbers. This is because there is currently an exemption from blocking calls from abroad that display a UK mobile caller ID, which exists to allow people who are roaming abroad to display their number to family and friends when they call them.
Ofcom’s research reveals that, in February 2025, 42% of phone users said they received a suspicious call in the last three months and people are more trusting of calls coming from UK mobile numbers (+447) than they are of calls from withheld or international numbers. Some 26% said they were likely or very likely to pick up a call from an unrecognised UK mobile number, compared to just 9% who would answer a call showing an international number with an unrecognised country code.
Marina Gibbs, Ofcom’s Policy Director for Networks and Communications, said:
“Customers endure a barrage of scam calls, and when people get caught out, the consequences can be devastating. It can happen to anyone, with criminal gangs in other countries trying to exploit people when their guard is down.
The work we’ve collectively already done has led to a million calls a day being blocked, but there’s no silver bullet, and we’re always looking for new ways to shore up our defences in the fight against fraud. These new measures would provide further protection for people in the UK.”
Ofcom’s Proposal
UK communications providers should withhold the Presentation Number of calls that appear to come from UK mobile users roaming abroad, except where they can verify the validity of the caller.
We are proposing to amend our CLI Guidance to set out how we expect providers to process calls from abroad that appear to come from UK mobile (+447) numbers.
When these calls first reach a UK provider (including entities acting as international gateways), the provider should modify the call’s CLI data to mark the CLI Presentation Number as ‘withheld’.
UK providers should have arrangements in place with their roaming partner networks so that calls to the UK that their customers make while roaming abroad are routed via the customer’s ‘home’ network (i.e. the network of the UK provider in question). After the call’s Presentation Number is marked as withheld, the home network should then modify the CLI data of calls from customers who are genuinely roaming abroad, so that the call recipient can see who is calling them, where technically feasible (and unless the caller has elected to withhold their number).
This two-step process will remove the ability of scammers outside the UK to present a spoofed UK mobile (+447) Presentation Number to people and businesses in the UK. This is because no home network will be able to verify the validity of these calls and therefore the Presentation Number will appear as withheld.
We expect the effect of this measure to be that UK people and businesses receive significantly fewer calls from scammers that appear to come from UK mobile users, although scammers may still be able to send messages from UK SIMs which they manage to source and use from overseas destinations. In turn, this will reduce the likelihood that people engage with scam calls and lose money.
Ofcom intends to consult on this until 13th October 2025 and will then publish their final decision during “early 2026“. After that, UK mobile operators would be given 12 months to introduce the changes, which is needed to “give providers the opportunity to modify agreements with roaming partner networks to have their customers’ calls routed via the UK provider’s network, where such agreements are not already in place“.
The challenge in all of this invariably stems from the inherent problem of implementing such rules without also over-blocking legitimate calls and messages. But this should become easier once all such services have gone digital (IP-based) as new methods will then become viable (e.g. CLI Authentication [CLIa] – here).
Advertisement
Mark is a professional technology writer, IT consultant and computer engineer from Dorset (England), he also founded ISPreview in 1999 and enjoys analysing the latest telecoms and broadband developments. Find me on X (Twitter), Mastodon, Facebook, BlueSky, Threads.net and Linkedin.
« Geemarc Produce Clever 4G Adapter for Old Analogue UK Home Phones
It’s about time that Ofcom did something about this and got the mobile providers to get their act together, and how about stopping scam messages as well. It has come to the point where I have had to put silent phone calls on and only accept contact only as I am getting scam calls every 3 days and then they scam messages as well.
It’s very easy for Ofcom to make a rule banning this. It’s much, much harder to achieve it technically. If it was easy it would have been solved a decade ago.
C7 was designed in an era of state telcos who trusted each other. It is not much amenable to being modified to increase data validation, so that must all happen on other, new, systems and must happen quickly enough to not hinder call setup.
Ofcom has no jurisdiction outside of the UK and they can’t pass rules that contradict those set by ITU-T and CEPT.
Why not simply install a call blocker such as Truecall to oblige callers not in the recipient’s contact list to reveal their identity?
If my understanding is correct about the proposed mode of operation, this will add complications for some groups.
If the number is withheld, the users of iPhones (and possibly other smartphones) will not be able to block the caller, and so will still be prone to receiving phishing messages from such actors.
Instead of withholding a number, Ofcom might consider setting the CallerID to a set of zeros. This CallerID I, as far as I understand, can at least be blocked on user devices. Is there anyone on here who can fill the gaps on such an approach?
Could someone please bring Ofcom to 21st century and tell them that they are no longer spoof those numbers but use VoIP providers with gateways located in the UK and having hundreds of UK simcards each?
there is some movement on this as part of the Crime and Policing bill that is making its way through parliament right now
https://bills.parliament.uk/publications/61564/documents/6820
@Ivor, as long as it generates profit for operators, govt will not do anything with it.
armchair cynicism again. the government clearly is doing something about it by restricting SIM farm use.
there won’t be much if any profit in it – it’s not like the SIM farm owners will be paying for each call. they’ll be rinsing unlimited SIMs (against the Ts and Cs) and no doubt the usage attracts police attention, wiretap requests, etc.
On this website’s forum, there is a thread about Lebara introducing new terms that give them the right to block a handset if it is used with more than five SIMs per year. I wonder who that’s aimed at…
Ofcom’s proposal is late but well-thought-out to significantly reduce caller ID spoofing by use of home network verification. Ofcom is right to say it’s no silver bullet but this should work well.
I remember when Orange used to present a single 0 as caller ID when one of there operators called a customer. However I digress,
Landline networks have had ACR (Anonymous call rejection) available for nearly thirty years. Why don’t mobile operators offer it?
This can be achieved on any decent Android handset (don’t know about Apple)
My iPhone has that and its been switched on for the last few months as I have noticed a marked increase in Spam calls to my mobile..
@Craig Wilson: ACR is a subscription service from the service provider. Apple iOS does not offer this feature.
Whatever happened to the existing requirement that a presentation number can be called back?
Enforcing that would stop all this at once. I appreciate there are technical difficulties, but a few enforcement actions would concentrate minds in the telcos.
@Name Blocking on the phone is no good. It simply diverts the call to voicemail (assuming you use it) or to a busy signal.
ACR is so much better. A recorded announcement is played at exchange level telling the caller that they are blocked, (and why!) and the call ends having never reached your phone.