Ofcom says there were 45 million attempted scams in the UK last summer alone – many involve fake caller line (CLI) IDs
So UK phone companies are to make it harder for scammers to use their networks, under a range of measures proposed by Ofcom, the telecom regulator.
It reckons 45 million people were targeted by scam calls and texts last summer and almost 1 million of them followed the scammers’ instructions, risking financial loss and distress.
Last year, the UK consumers’ champion, Which?, found that communications-based fraud cost £9.3 billion through damage to victims’ wellbeing which often results in ill health and anxiety.
Ofcom says it works with communications service providers (CSPs) on blocking calls that imitate – or ‘spoof’ – phone numbers of organisations like banks and government departments, but clearly it and the phone companies are lagging woefully behind the criminals.
During the pandemic, for example, criminals texted fraudulent vaccination links and impersonated delivery companies.
Fraud from fake UK phone numbers
Now all phone networks involved in the transmission of a call will be expected to block numbers that are clearly spoofed. So why didn’t phone companies do this anyway to protect their customers is a pertinent question? The operators’ mantra is all about improving customer experience but they let customers down at this fundamental level.
Kate O’Flaherty’s deep dive into the issue of fraud via operators’ networks and finds its more lucrative than illicit international narcotics trade. Katia Gonzalez, Head of Fraud Prevention and Security at BICS noted that the use of fake numbers – where the call’s true origin is hidden – are difficult to tackle.
Ofcom says spoofed numbers can be identified in various ways. They include: calls originating abroad do not have a valid caller ID; using a number not in the UK’s standard 10- or 11-digit format; and calls appearing to be from numbers already on Ofcom’s
Do Not Originate list.
The guidance on blocking false number calls from abroad is based on an initiative developed by industry, which some providers have already implemented voluntarily. How has this not been mandatory? TalkTalk is one of them and it has reported a 65% reduction in complaints about scam calls since introducing this measure.
Scammers using real phone numbers
Ofcom is proposing new guidance to help companies prevent scammers from accessing valid phone numbers – which presumably means considerable delay before mandatory measure are in place, unless Ofcom decides again to leave it up to providers whether they bother or not.
Ofcom typically allocated millions of phone numbers in large blocks to operators and service providers which can transfer the numbers to other businesses or individuals. All phone companies are expected to take reasonable steps to stop their numbers being misused, “but these efforts can vary”.
The watchdog’s new guide “sets out clear expectations for phone companies to make sure they run ‘know your customer’ checks on business customers”. I’m feeling safer already.
They could involve checking the Companies House register, fraud risk databases and the FCA’s Financial Services Register to uncover information that may indicate a high risk of misuse by the customer seeking to use phone numbers.
Phone companies should also act to prevent any further potential misuse – such as suspending the number and reporting evidence of fraudulent activity to law enforcement. How about obliging them to act – and mighty soon?
Fighting fraud in the future
Ofcom stresses how scammers’ tactics evolve constantly and are becoming more sophisticated, hence no single solution that will stamp out scam calls.
The watchdog is now examining how technology can help prevent scam calls at source in the future – imagine!
For calls originating in the UK, this would involve the network from which the call is made authenticating the caller’s ID information before connecting them BUT don’t get excited: “this should be achievable once the UK’s transition to digital landlines is complete in a few years’ time”.
US service providers implemented STIR/SHAKEN – led by the Federal Communications Commission – on the IP parts of their networks in June 2021 to address the nuisance of spoof calls.