New rules to protect people and businesses against mobile messaging scams

• 100 million suspicious messages reported to mobile providers last year
• New Ofcom rules designed to block, limit and disrupt mobile scammers

Mobile phone users are set to be better protected from messaging scams, under new rules proposed by Ofcom for mobile providers to follow.

Fraudsters can exploit mobile messaging services to reach victims on a massive scale, manipulating them into making payments or sharing sensitive information. People and businesses lose money and suffer either nuisance or distress due to scam messages.

Half of UK mobile users (50%)¹ said they received a suspicious message between November 2024 and February 2025 via text or iMessage. An estimated 100 million suspicious messages were reported to mobile operators through the 7726 service in the year to April 2025. ²

To tackle this problem, we are today announcing a comprehensive package of planned measures, significantly driving up protections and building on the most effective existing initiatives.

How scammers exploit mobile messaging

Criminals use mobile messaging services to target potential victims in two main ways. Sometimes they may impersonate a friend or family member texting from a different number, often asking for money in a fabricated emergency situation. These are person-to-person messaging scams.

Alternatively, scammers may impersonate a legitimate business, like a parcel courier or government agency – to trick people into clicking on fake links to make payments or share sensitive information. These are business messaging scams.

New rules to thwart scammers

Many mobile providers have taken steps in recent years to identify and disrupt these types of scam messages, blocking an estimated 600 million plus each year.³ Despite this action, scam messages continue to cause significant harm and distress to victims and we expect industry to do even more to protect people and business.

To tackle person-to-person messaging scams, we are proposing that mobile providers must:

• set volume limits for pay-as-you-go SIM cards. This will make it harder for scammers to message large numbers of potential victims at once;
• block numbers used by scammers. Providers must use scam reports from customers and third parties – such as law enforcement – about phone numbers and web links that are being used to perpetrate scams. They must then prevent scammers from sending messages from these numbers;
• block scam messages in transit. Providers must identify and block scam messages being carried on their networks by detecting malicious sender IDs, weblinks, and phone numbers.

To disrupt business messaging scams, we are proposing that mobile operators and ‘aggregators’ that transmit businesses’ mobile messages must:

• conduct upfront and ongoing due diligence checks. Effective “Know Your Customer” checks must be carried out on new business message senders to prevent criminals from sending mass texts. Similarly, “Know Your Traffic” checks should be completed, including reviewing account activity and promptly investigating reports of fraud;
• prevent use of fake sender names (known as Alphanumeric Sender IDs). Providers must corroborate business message senders’ Sender IDs, which show who a business mobile message came from, against information they’ve gathered about the business (to check, for example, that a business that purports to be hairdresser is not sending parcel delivery messages - indicating a scammer). They must also maintain a policy on protected sender ID lists and generic sender IDs (such as ‘customer service’);
• apply incident management processes. Where scam activity is identified, root out criminals who are using business messaging services and hold companies to account where they have not conducted appropriate checks; and
• block scam messages in transit. Providers must act on scam reports from users and third parties to detect and block malicious weblinks and phone numbers.

These practical measures are designed to further disrupt scammers, raise the bar across the mobile industry and address current gaps in protection for consumers and businesses. We expect them to reduce the number of scam messages that people and businesses receive.

Amy Jordan, Ofcom’s Strategy Delivery Director, said: “Messaging scams can have a devastating impact on their victims. Our plans will ensure that mobile firms consistently apply proven measures to thwart these crimes. That means locking scammers out of networks and blocking hundreds of millions more scams from getting through to people and businesses each year.”

We are inviting feedback on our proposals by 28 January, and we expect to publish our final decision in the summer.

How to report a scam

Tackling scams is a complex problem requires a coordinated effort from the police, Government, other regulators and industry.

Everyone can help combat scam messages by reporting them to 7726. Mobile providers use these reports to monitor scam activity and update their network protections.⁴

Notes to editors:

1. Experiences of suspicious calls, texts and app messages, March 2025
2. 7726 is a number that people can text on a mobile device to report unwanted mobile messages or calls. Figure is an extrapolation of data reported to us by four UK Mobile Network Operators (MNOs). They reported a total of 89.8 million 7726 reports by their customers between May 2024 and March 2025, inclusive, with an average of over 10 million between December 2024 and March 2025.
3. Estimate based on an average of ~50 million messages blocked by scam detection tools deployed by mobile operators between January and March 2025, as reported to Ofcom.
4. See: How to report scam texts and mobile calls to 7726.