Ofcom, the UK’s communications regulator, has introduced new measures to protect consumers from scam calls originating overseas. The strengthened industry guidance, announced today, requires phone companies to block calls from abroad that falsely display UK landline numbers.
This move aims to tackle a common tactic used by fraudsters who ‘spoof’ trusted phone numbers to deceive victims. By imitating numbers from reputable organisations or government departments, scammers increase the likelihood of their calls being answered.
Lindsey Fussell, Ofcom’s Group Director for Networks and Communications, said:
“Criminals who defraud people by exploiting phone networks cause huge distress and financial harm to their victims. While there’s encouraging signs that scam calls and texts are declining, they remain widespread and we’re keeping our foot to the throttle to find new and innovative ways to tackle the problem.”
The new guidance follows a consultation period and is expected to have a significant impact on protecting the public. BT, which implemented these measures voluntarily, reported preventing up to one million calls per day from entering its network within the first month.
Ofcom is also seeking input on technical solutions to address scam calls from abroad that spoof UK mobile numbers. Current rules do not require operators to block all calls from abroad with +447 numbers to avoid blocking legitimate calls from UK users roaming internationally.
“Under our strengthened industry guidance, millions more scam calls from abroad which use spoofed UK landline numbers will be blocked – with similar plans underway for calls which spoof UK mobile numbers,” added Fussell.
Recent research by Ofcom shows a decline in suspicious calls and texts, but the problem remains substantial. In 2024, 48% of UK landline users reported receiving a suspicious call in the previous three months, down from 56% in 2021. For mobile users, the figure dropped from 45% to 39% over the same period.
To address evolving threats, Ofcom has published two Calls for Input. The first seeks views on tackling scam calls spoofing UK mobile numbers, while the second focuses on deterring mobile messaging scams, including those using SMS and Rich Communication Services (RCS).
Kevin Curran, IEEE senior member and professor of cybersecurity at Ulster university, commented:
“Telephone-oriented attack delivery (TOAD) is an emerging phishing technique that combines elements of voice and email phishing to exploit victims. In these attacks, perpetrators contact the targets via the phone, impersonating officials from reputable entities to establish trust. The conversation is designed to extract sensitive data, such as login credentials or financial information. Following the call, the attacker sends an email to the victim, including a malicious link or attachment aimed at further compromising the victim’s security.
The effectiveness of TOAD attacks lies in the attackers’ ability to manipulate social engineering principles, leveraging the perceived authority and trustworthiness of well-known organisations to bypass conventional security measures. Due to their dual-channel approach and targeting of specific individuals, people need to be extra vigilant. These attacks rely upon dynamic websites and tailored techniques which have an alarmingly high success rate, and low detection rate. Unsolicited communications which ask for personal data should be thoroughly checked. It’s also important to avoid clicking on links or downloading attachments from suspicious emails. For those who are concerned that they have been caught out by the attackers, they should review online accounts regularly – this helps to flag signs of fraud or rogue charges.”
Ofcom acknowledges that scammers continually seek new ways to contact potential victims and evade existing security measures. As such, Ofcom is committed to ongoing efforts to protect consumers and adapt to emerging threats in the telecoms landscape.
Providers can find the updated industry guidance from Ofcom here.
(Photo by Utsman Media)
See also: Ofcom hits BT with £17.5M fine over emergency call system failure
Unified Communications is a two-day event taking place in California, London, and Amsterdam that delves into the future of workplace collaboration in a digital world. The comprehensive event is co-located with Digital Transformation Week, IoT Tech Expo, Edge Computing Expo, Intelligent Automation, AI & Big Data Expo, and Cyber Security & Cloud Expo.
Explore other upcoming enterprise technology events and webinars powered by TechForge here.