Ofcom finalises tougher rules against mobile messaging scams

UK mobile providers must block numbers, links and sender IDs linked to mobile messaging scams.

Protected smartphone blocking fraudulent texts and malicious links, illustrating Ofcom's new rules against mobile messaging scams

Ofcom has finalised new rules requiring mobile providers to block, limit and disrupt mobile messaging scams, alongside strengthened guidance to tackle international calls that spoof UK mobile numbers.

The regulator said criminals increasingly use text messages and business messaging services to impersonate friends, companies and public bodies, pressuring victims to transfer money, disclose sensitive information or click malicious links.

Fraud accounted for an estimated 45% of reported crime incidents in England and Wales, with £1.28 billion lost to criminals in 2025. Ofcom also found that 40% of UK mobile users had received at least one suspicious message during the previous three months.

The measures target two main forms of messaging fraud: person-to-person messages sent through SIM cards and mass business messages distributed through commercial messaging infrastructure.

For person-to-person scams, mobile providers must collect intelligence on fraudulent messages, malicious links and phone numbers from customers and anti-fraud organisations. They must use that information to block numbers associated with scammers and stop messages containing malicious links or phone numbers from being delivered across their networks.

Providers must also impose volume limits on pay-as-you-go SIM cards, making it harder for criminal groups to send large numbers of fraudulent messages. The measures complement the government’s proposed ban on SIM farms and commitments made by operators under the Fraud Sector Charter.

Business messaging providers and aggregators must carry out initial and ongoing Know Your Customer (KYC) checks on organisations sending messages and monitor their activity through Know Your Traffic controls.

Providers will also verify alphanumeric sender IDs, which display company names instead of telephone numbers. The checks are intended to prevent scammers from impersonating trusted businesses, delivery services and government agencies.

Where providers identify fraudulent messaging activity, they must investigate its source, apply incident management procedures, and block malicious sender IDs, links and telephone numbers. Companies that fail to carry out appropriate checks may also face regulatory action.

Ofcom has separately strengthened its guidance on international calls that spoof UK mobile numbers. Telecoms companies should withhold the caller ID for calls that appear to originate from a UK mobile number roaming abroad unless they can verify that the number is genuine.

The regulator said spoofing makes overseas calls appear more trustworthy and increases the likelihood that potential victims will answer. However, it cautioned that legitimate organisations may also use withheld numbers, meaning users should continue to assess unexpected calls carefully.

Mobile providers already block more than 600 million suspected scam messages each year, but Ofcom said inconsistent protections across the sector continue to leave consumers exposed.

Consumers can report suspicious calls and messages by forwarding them to 7726, enabling mobile operators to update their fraud-detection and network-protection systems.

Why does it matter?

The new rules shift greater responsibility onto mobile providers to prevent scams before they reach consumers. By requiring stronger customer verification, sender authentication, network-level filtering and SIM controls, Ofcom is moving fraud prevention further upstream rather than relying primarily on users to recognise suspicious messages.

The measures also reflect a broader regulatory trend towards placing more accountability on communications providers to combat digital fraud. If successful, the framework could reduce large-scale messaging scams while serving as a model for other jurisdictions seeking to strengthen telecoms security.

Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our Diplo chatbot!