The telecoms regulator Ofcom has brought out new industry guidance to combat scammers who call from abroad and imitate UK landline numbers.
Phone companies will now have to identify and block calls from abroad which falsely display a UK telephone number as a ‘Presentation Number’, except in some legitimate cases (such as call centres that make calls on behalf of numerous businesses).
Lindsey Fussell, Ofcom’s new Group Director for Networks and Communications, said: “Criminals who defraud people by exploiting phone networks cause huge distress and financial harm to their victims. While there’s encouraging signs that scam calls and texts are declining, they remain widespread and we’re keeping our foot to the throttle to find new and innovative ways to tackle the problem.
“Under our strengthened industry guidance, millions more scam calls from abroad which use spoofed UK landline numbers will be blocked – with similar plans underway for calls which spoof UK mobile numbers. We’re also challenging the industry and other interested parties to provide evidence on the best solutions to tackle mobile messaging scams.”
Telecoms providers have six months to make the changes.
The watchdog has published a Call for Input seeking views and evidence on the effectiveness, costs, risks and timescales of technical solutions to tackle scam calls from abroad which spoof UK mobile numbers. Ofcom says its rules do not require operators to block all calls from abroad with +447 numbers, so that genuine calls from UK callers roaming abroad are not blocked.
Comment
Kevin Curran is a professor of cybersecurity at Ulster University and a senior member of the technical professional body the IEEE. He says: “Telephone-oriented attack delivery (TOAD) is an emerging phishing technique that combines elements of voice and email phishing to exploit victims. In these attacks, perpetrators contact the targets via the phone, impersonating officials from reputable entities to establish trust. The conversation is designed to extract sensitive data, such as login credentials or financial information. Following the call, the attacker sends an email to the victim, including a malicious link or attachment aimed at further compromising the victim’s security.
“The effectiveness of TOAD attacks lies in the attackers’ ability to manipulate social engineering principles, leveraging the perceived authority and trustworthiness of well-known organisations to bypass conventional security measures. Due to their dual-channel approach and targeting of specific individuals, people need to be extra vigilant. These attacks rely upon dynamic websites and tailored techniques which have an alarmingly high success rate, and low detection rate. Unsolicited communications which ask for personal data should be thoroughly checked. It’s also important to avoid clicking on links or downloading attachments from suspicious emails. For those who are concerned that they have been caught out by the attackers, they should review online accounts regularly – this helps to flag signs of fraud or rogue charges.”




