
- Ofcom announces new rules to block, limit and disrupt criminal gangs who exploit mobile messaging services to scam victims
- Robust guidance to crack down on scam calls from abroad which “spoof” UK mobile numbers
Mobile phone users will be better protected from scam text messages, under new Ofcom rules and guidance finalised today.
Criminals around the world use sophisticated mobile scams to target people and business in the UK and manipulate them into making payments or sharing sensitive information. Victims can suffer significant financial loss and distress as a result.
Fraud accounts for an estimated 45% of all reported crime incidents in England and Wales and £1.28 billion was lost to criminals in 2025 [1]. This year, four in ten (40%) UK mobile users reported having received at least one suspicious message on their mobile phone in the past three months [2].
To help tackle this problem, we are today publishing a comprehensive package of practical measures for mobile providers to adopt to block, limit and disrupt scammers. Building on existing best practice industry initiatives, these measures are designed to address gaps in protection for consumers and businesses and raise the bar across the mobile sector.
Together with the Government’s ban on SIM farms and mobile operators’ commitments under the Fraud Sector Charter, we expect our strengthened protections to significantly reduce the likelihood that people and businesses will receive scam messages.
Amy Jordan, Ofcom’s Strategy Delivery Director, said:
“Mobile messaging scams can have devastating consequences for victims, with criminal gangs using ever more sophisticated techniques to dupe their victims.
“Our new protections for consumers and businesses announced today will help ensure we remain one step ahead by disrupting and blocking this criminal activity at source. Working closely with Government, other regulators, law enforcement and industry we are confident that our collective efforts will make a significant difference in thwarting these predatory fraudsters.”
Chief Superintendent Amanda Wolf, Head of Report Fraud Operations, said:
“As the National Lead Force for Fraud, we welcome the introduction of new protective measures to help keep mobile phone users safe from fraud via spoofing calls and fraudulent messages.
“By requiring mobile providers to adopt a new, robust approach to identify and disrupt fraudulent text messages, this will help protect the public from criminals who are exploiting UK mobile numbers.
“If you've lost money or have been hacked as a result of responding to a phishing message or a fraudulent call, you should report it to Report Fraud. In England, Wales or Northern Ireland, visit www.reportfraud.police.uk or call 0300 123 2040. In Scotland, report to Police Scotland by calling 101.”
How mobile messaging scammers target victims
Criminals use mobile messaging services to target potential victims through two main routes. Sometimes they may use a SIM card to send messages: for example, to impersonate a friend texting from a different number, asking for money in a fabricated emergency situation. These are person-to-person messaging scams.
Alternatively, scammers may gain access to business messaging services, often to impersonate a legitimate business, like a parcel courier or government agency – to pressure people into clicking on fake links or call scam numbers to make payments or share sensitive information. These are business messaging scams.
New rules to stop scammers in their tracks
Many mobile providers have taken steps in recent years to identify and disrupt these types of scam messages, blocking an estimated 600 million plus each year [3]. Despite this action, scam messages continue to cause significant harm and distress to victims, and we now expect the mobile industry to do even more and ensure consistency across the sector to protect people and business.
To tackle person-to-person messaging scams, under our new rules mobile providers must collect information about scam messages, weblinks and phone number from their customers and from anti-fraud organisations. They must then:
- block numbers used by scammers and prevent criminals from sending messages from these numbers.
- block scam messages in transit by identifying and blocking scam messages being carried on their networks by detecting malicious weblinks and phone numbers.
Mobile providers must also set volume limits for pay-as-you-go SIM cards. This will make it harder for scammers to message large numbers of potential victims at once.
To disrupt business messaging scams, mobile operators and ‘aggregators’ that transmit businesses’ mobile messages must:
- conduct upfront and ongoing due diligence checks. Effective “Know Your Customer” checks must be carried out on new business message senders to prevent criminals from sending mass texts. Similarly, “Know Your Traffic” checks should be completed, including reviewing account activity and promptly investigating reports of fraud;
- prevent use of fake sender names (known as Alphanumeric Sender IDs). Providers must corroborate business message senders’ Sender IDs, which show who a business mobile message came from, against information they’ve gathered about the business (to check, for example, that a business that purports to be a hairdresser is not sending parcel delivery messages - indicating a scammer). They must also maintain a policy on protected sender ID lists and generic sender IDs (such as ‘customer service’);
- apply incident management processes. Where scam activity is identified, root out criminals who are using business messaging services and hold companies to account where they have not conducted appropriate checks; and
- block scam messages in transit. Providers must act on scam reports from users and third parties to identify and block malicious sender IDs, weblinks and phone numbers.
Cracking down on scam calls from abroad
Additionally, we are today introducing strengthened guidance setting out how telecoms companies should protect people in the UK from international calls that imitate - or “spoof” - UK mobile numbers.[4]
Criminal gangs based abroad often prey on victims by imitating UK phone numbers which people are more likely to trust and therefore answer than calls from an unknown international number.
Under our strengthened guidance, telecoms companies should now withhold the caller ID of calls that appear to come from a UK mobile roaming abroad, unless they can verify its validity.
Customers in the UK should continue to exercise caution in deciding whether to accept calls from withheld numbers, which can include legitimate and important calls, or from numbers that they don’t recognise.
Reporting scam calls and messages
Everyone can help combat scam messages and mobile calls by reporting them to 7726. Mobile providers use these reports to monitor scam activity and update their network protections.
Notes to editors
- UK Finance, 2026. Annual Fraud Report 2026. Page 12.
- Ofcom, 2026. Experiences of suspicious calls, texts and app messages, Q26, Suspicious SMS messages, RCS and/or iMessage (rebased for all mobile users). This survey was conducted in February 2026 using an online panel with a representative sample of the UK population aged 16+.
- Mobile UK
- Estimate based on responses to formal information requests, which indicated that mobile operators’ scam detection tools blocked an average of c.50 million messages each month between January and March 2025.
- This builds on our previous work to block more calls from abroad which imitate UK landline numbers.
Related content