Ofcom, the UK’s communications regulator, has unveiled new measures to protect consumers from scam calls originating overseas. The updated industry guidance mandates phone companies block calls from abroad using false UK landline numbers. This move targets ‘spoofing,’ where fraudsters imitate trusted numbers to deceive victims.
Lindsey Fussell, Ofcom’s Group Director for Networks and Communications, emphasized the impact of these scams, stating, “Criminals who defraud people by exploiting phone networks cause huge distress and financial harm to their victims.” The new measures aim to build on declining trends in scam calls and texts. According to Fussell, “We’re keeping our foot to the throttle to find new and innovative ways to tackle the problem.”
This initiative follows a consultation period and is designed to offer significant public protection. BT reported successfully blocking up to one million calls per day using these tactics within the first month of implementation.
Ofcom also seeks technical solutions for scam calls from abroad that spoof UK mobile numbers. Current rules don’t mandate blocking all incoming calls from +447 numbers to avoid blocking legitimate calls from UK users roaming internationally. Fussell added, “Millions more scam calls from abroad using spoofed UK landline numbers will be blocked – with similar plans underway for calls which spoof UK mobile numbers.”
Recent studies by Ofcom show a decline in suspicious calls and texts but highlight that the problem persists. In 2024, 48% of UK landline users reported receiving a suspicious call in the previous three months, down from 56% in 2021. Among mobile users, the figure dropped from 45% to 39% during the same period.
To address these threats, Ofcom has published two Calls for Input focusing on tackling scam calls spoofing UK mobile numbers and deterring mobile messaging scams, including those using SMS and Rich Communication Services (RCS).
Kevin Curran, IEEE senior member and professor of cybersecurity at Ulster University, described the emerging tactic known as Telephone-oriented Attack Delivery (TOAD). This technique combines elements of voice and email phishing to exploit victims by impersonating trusted officials and extracting sensitive data, such as login credentials or financial information. Curran warned, “Unsolicited communications which ask for personal data should be thoroughly checked. It’s also important to avoid clicking on links or downloading attachments from suspicious emails.”