Call for input: Options to address mobile spoofing

Published: 29 July 2024
Consultation closes: 23 September 2024
Status: Closed (pending statement)

Protecting consumers from harm caused by scams facilitated by phone calls is a priority for Ofcom. A common tactic used by scammers is to ‘spoof’ telephone numbers to disguise the origination of the call, or to make their call appear to be from a trusted person or organisation. Where scam calls appear trustworthy, victims are more likely to share personal information or to make a payment, which can lead to significant financial and emotional harm.

We have already implemented a number of measures to make it difficult for scammers to use UK telecoms networks to harm consumers. These include:

  • requiring operators to block numbers that are never intended to make outbound calls and are recorded in the Do Not Originate (DNO) list;
  • requiring operators to identify calls from abroad which spoof a UK fixed Network Number and block them; and
  • tightening the requirements on operators to carry out appropriate due diligence when sub-allocating numbers to other UK operators.

We are concerned that some of the scam calls which are received by UK consumers may come from scammers who are spoofing +447 (UK mobile) numbers.  This call for input (CFI) builds on our programme of work to reduce the harms caused to consumers by scam calls.  In our Calling Line Identification (CLI) authentication assessment and future roadmap, published in February 2024, we noted that we would explore options for blocking calls or preventing calls from abroad presenting a spoofed UK mobile number.    We are now investigating whether we should change our rules, or consider other measures, to fix this issue, and this document sets out our initial thinking.

Ofcom sets out the requirements for the display of CLI Data in the General Conditions of Entitlement (GCs), under GC C6. The CLI Guidance sets out what is expected of providers to comply with GC C6. This includes guidance on blocking calls from outside of the UK which use a UK CLI. Our current rules do not, however, address inbound international calls spoofing UK mobile numbers. This is because our current blocking guidance specifically sets out an exemption for calls from abroad which are made with a UK mobile CLI from a +44 range. One of the reasons for this exemption is to allow UK roamers who are calling back home to have their number recognised when they are calling friends and family. The scope of this CFI is limited to considering this exemption in our CLI Guidance. 

The NICC has also been working to find technical solutions to address this issue by identifying legitimate UK roamers and blocking or reducing calls which spoof UK mobile numbers, but has not yet reached a conclusion on a preferred approach.  We will continue to work alongside the NICC on this matter.

There are two broad technical solutions being actively explored both in the UK and abroad. One group of options under consideration involves the provider that is bringing the call into the UK (referred to in this document as the ‘international gateway provider’) proactively undertaking checks to ascertain whether a specific number calling from abroad is indeed roaming. The second group under consideration involves the international gateway provider identifying mobile calls coming from abroad, modifying the data associated with such calls, and then usually forwarding them to the caller’s home mobile network, where further validation checks may take place.

However, there is no clear consensus across industry on the preferred solution. Our evidence on the scope and scale of the problem of calls spoofing UK mobile numbers is also limited. Anecdotally, industry has told us that, as we have closed other spoofing routes, scammers are moving to spoof UK mobile numbers. This means that, while current volumes of such calls may be low, there is a risk that scammers will exploit this opportunity further in the future.

We are therefore publishing this CFI to seek initial views and evidence on the effectiveness, costs, risks and timescales of different options to address spoofed UK mobile numbers. We are also seeking further information on the scope and scale of the problem to help inform any proportionality assessment.

This CFI closes for responses on 23 September 2024. We will use responses, together with a programme of stakeholder engagement and information gathering, to ascertain whether or not to consult on a preferred option. If we decide that we need to introduce new regulation on this issue, we anticipate consulting in Spring 2025.

Responding to this call for input

Please submit further consultation responses using the response form.

How to respond

Address

Cat Kelly
Ofcom
Riverside House
2A Southwark Bridge Road
London SE1 9HA

Back to top