Ofcom and UK Phone Providers to Further Tackle Spoofed Calls UPDATE
The UK telecoms regulator, Ofcom, has today moved to strengthen their existing rules against the use of “fake phone numbers” and “spoofed calls“, which involves a proposal for phone providers (fixed line and mobile) to introduce stricter measures against “Presentation Numbers” that are used to identify who is making a call.
Most of the major broadband, phone providers and mobile network operators have already implemented technical measures to tackle Nuisance Calls and Scam Calls. But these aren’t always 100% effective and there are still plenty of operators that could do more.
In 2022 Ofcom moved to clampdown on this by requiring all telephone networks involved in transmitting calls – either to mobiles or landlines – to identify and block spoofed calls, albeit only “where technically feasible” to do so (here). The move was intended to improve the accuracy of Calling Line Identification (CLI) data, and the regulator also made it harder for scammers to access valid phone numbers by introducing additional checks.
However, scammers, such as those who make a call from abroad, can still spoof their number to make it look like the call is from a UK-based organisation, when in fact they are calling from another country (this is something that we suspect many of our readers will have experienced). The change today is designed to make that harder.
Ofcom’s Rule Extension
In this consultation, we are proposing to update our Calling Line Identification (CLI) Guidance to confirm that providers are expected to identify and block calls from abroad that use a UK geographic or non-geographic telephone number as a Presentation Number, except in a limited number of legitimate use cases.
This update should remove a loophole through which scammers can spoof a UK number from abroad (making it look like the call is coming from a UK-based organisation) and connect these calls to UK users.
Just to be clear. There are generally two numbers associated with an incoming call: the Network Number, which identifies where the call is being made from; and the Presentation Number, which identifies who is making the call. In most cases the Network and Presentation Number are the same, but there are some scenarios where a caller may wish to display a different number to the line the call is being made from (e.g. an outsourced call centre that makes calls on behalf of different businesses, or businesses which may wish to display a single number for outbound calls).
Ofcom has been working on ways of tackling the aforementioned problem, such as via CLI Authentication, for a while (here). But today’s update attempts to address this via a rule change, rather than via a specific technical solution like CLIa (that’ll probably come later, once everything has gone digital / IP-based).
The tricky part in all this stems from the inherent problem of implementing such changes without also over-blocking legitimate voice calls, which is easier said than done – particularly at a time when the UK is in the middle of a transition from analogue to IP-based (digital) phone services. As for those “legitimate use cases“..
The Exceptions
4.19 As the CLI represents the origin of a call, calls from abroad should not use UK CLI as a Network Number or as a Presentation Number, except in a limited number of use cases:
• UK mobile users roaming overseas making calls back to UK numbers, i.e. calls with a CLI from the +447 range;
• Calls to a mobile user who is roaming in the UK;
• Where the traffic has originated on a UK network;
• Where the traffic has originated from UK customers that are hosted on overseas nodes or cloud services.
Except in these use cases, calls from abroad using UK CLI should be blocked.
Aside from the risk that this may disrupt some legitimate calls, Ofcom also acknowledges that some scammers could move to spoofing UK mobile numbers instead. “We are doing further work to explore how to identify UK mobile users who are roaming abroad and, if we are able to identify a potential solution to validate legitimate roaming calls, we will consider consulting on these options in due course,” said the regulator’s consultation.
Ofcom intends to consult on all this until 28th March 2024, which means we may have to wait until later this year before they formally introduce the latest change.
UPDATE 3:37pm
By chance we noticed that Ofcom has also quietly opened an enforcement programme today related to tackling “phone and text scams“, which aims to “make sure that providers are following our rules and support best practice in relation to the use of phone numbers.” This wasn’t mentioned in their earlier consultation announcement.
Mark is a professional technology writer, IT consultant and computer engineer from Dorset (England), he also founded ISPreview in 1999 and enjoys analysing the latest telecoms and broadband developments. Find me on X (Twitter), Mastodon, Facebook and Linkedin.
« UK ISP BT to Close Redcare Alarm Security Division in 2025 UPDATE
Latest UK ISP News
- FTTP (5669)
- BT (3552)
- Politics (2585)
- Openreach (2334)
- Business (2311)
- Building Digital UK (2265)
- FTTC (2056)
- Mobile Broadband (2022)
- Statistics (1818)
- 4G (1709)
- Virgin Media (1659)
- Ofcom Regulation (1488)
- Fibre Optic (1419)
- Wireless Internet (1412)
- FTTH (1382)
Whilst I would really welcome some changes in this area, this is not going to have the impact that Ofcom wants. They really need to introduce some more robust measures to block spoofing. Maybe remove anonymous number dialling altogether.
Some other countries have done a great job on this, effectively stamping out spam calls. The UK gets so many spam calls and many people lose a lot of money to fraudulent calls. Having much better CLI authentication would really cut out on a lot of this.
Personally speaking, I would love a feature where I could block all mobile calls bar the ones I personally greenlight in advance and block all calls without the prefix 0191 (i.e Newcastle) from ever phoning me. This seems to be the simple solution to 99% of calls. And I don’t care about that 1% of legitimate call that is blocked from banks or whatever as they nowadays do everything over their apps
On an Android phone set your phone to do not disturb, select allow calls from your phone book to ring. That just leaves the 0191 issue to sort
About time – Why is this taking so long?
Ofcom should also be targeting companies who lease out numbers to the scammers. A lot of scam calls we get seem to coming from numbers belonging to UK telecoms companies. Our phone numbers are all TPS registered so we should not be getting any calls.
Most of the time the numbers being rented out are just VOIP numbers and even then they usually lie about their use for it. If you can find out who actually owns the voip number you can report it and most of the time the companies will take it down.
I seem to recall reading (maybe on the ye olde uk.telecom newsgroup) that BT used to automatically block caller ID from outside the UK because they couldn’t trust its authenticity. Seems they were proven right.
I assume “originate from a UK network” covers those cheap calling services that would bounce the call to your neighbour around the world as it somehow saves a fraction of a penny.
“Where the traffic has originated from UK customers that are hosted on overseas nodes or cloud services.” seems like a difficult one to enforce. How would the receiving telco know if this is the case?
Yes that seemed to be the case back in the 90s, with “INTERNATIONAL” sent in the text field instead. I believe originally BT wanted to include the caller’s name as well as number, but the privacy issues rightly prevented that.
If uk.telecom and Peter Strangman were still around I’m sure we could have an authoritative answer.
A state would be to require a number to be passed. The number of organisations that hide there number is crazy. You have no idea as to whether these are real callers or scammers
Explains why they’re always from mobile numbers.
The vast majority of the spam and scam calls I’ve seen are from Manchester 0161 numbers. No idea why, but as I don’t know a single person with an 0161 number it makes them easier to ignore and block*.
*Of course that might be WHY I don’t know a single person with an 0161 number. 🙂