Messaging, Voice & AI-Impersonation Scams UK 2026

Got a specific message in front of you right now? Use the Scam Message Scanner — paste any text, email or URL and get a verdict in under 5 seconds. Runs entirely in your browser; nothing leaves your device.

Why messaging scams are the UK’s fastest-growing fraud territory

Report Fraud’s 2025 reporting placed SMS smishing, voice / impersonation calls, and platform-DM phishing among the top three growing scam categories by volume. UK Finance’s 2025 Annual Fraud Report attributes over £460m in Authorised Push Payment (APP) losses largely to messaging-driven attacks: a fake bank alert, a WhatsApp from “Mum”, a tech-support call, a Telegram broker DM, a QR-coded parking sign. The common pattern is consistent — the criminal needs the victim to act inside a messaging or voice channel where verification is harder than in a regulated banking flow.

The single most consequential change in 2024-2026 has been AI voice cloning. Generative speech systems now reproduce a target’s voice from 10-15 seconds of public audio (a TikTok clip, a voicemail greeting, a podcast appearance). The combination of cloned voice + spoofed caller ID + a plausible “family emergency” pretext is the highest-conversion scam pattern published in current Report Fraud data.

The scam categories — pick the closest fit

📱 SMS smishing — fake texts from banks, couriers, gov.uk

The highest-volume UK messaging-scam category. Spoofed sender IDs put scam texts in the same SMS thread as real bank alerts. Mechanic is consistent: text creates urgency, you call the number in the text, the “fraud team” tells you to transfer to a “safe account”.

UK smishing pattern — how SMS scams work + the 3 rules that defeat them
Banking scam email & SMS checker
Barclays · NatWest · HSBC · Lloyds · Santander · Halifax · Nationwide · Monzo · Revolut · Starling · TSB
Royal Mail · Evri · DPD · Yodel · Parcelforce
DVLA · DWP · NHS · Gov.uk fake email check

💬 WhatsApp & Telegram — family-emergency, broker DMs, P2P crypto

Encrypted messaging apps host the highest-value attacks because they sit inside trusted personal communication channels. WhatsApp dominates family-emergency scams. Telegram dominates broker / crypto-investment introductions and P2P trading fraud.

WhatsApp scam messages UK — full taxonomy with real example messages
“Hi Mum” scam + voice cloning — the diagnostic family-emergency pattern
Family emergency scam umbrella — SMS, voice clone, grandparent / bail money
Viber scam UK — romance pivots, task-payment recruitment, Viber Out premium-rate
Signal app scam UK — crypto pivots from ‘privacy-conscious’ contacts, registration-lock recovery
Telegram & WhatsApp scams 2026 — deep-dive long-form
Telegram P2P trading safety — crypto P2P scam patterns

🎙️ Voice & AI-impersonation calls — the surge category of 2026

AI voice cloning, deepfake celebrity-endorsement audio, spoofed caller IDs, and cold-call “your computer is infected” tech-support fraud. This category has the highest growth rate in UK reporting because the underlying technology costs less and works better each quarter.

AI voice cloning scam UK — family-emergency clone, CEO impersonation, relationship clone
Deepfake scam detection UK — celebrity ads, CEO Zoom, romance video
Microsoft tech-support scam UK — cold call, browser pop-up, remote-access trap
iPhone scam call ‘from Apple’ — Apple ID, iCloud, refund patterns
‘Your computer has been hacked’ scams — sextortion, fake ransomware, pop-up panic
One-ring (Wangiri) call scam UK — premium-rate callback traps
Spoofed phone number check — caller-ID spoofing variants & verification
Who is calling: UK number lookup — reverse-lookup tools, premium-rate prefixes, carrier blockers
Smart-speaker scam UK — Alexa, Google Home, Siri / HomePod voice-assistant fraud
“Hi Mum” + voice cloning — SMS-prelude to voice impersonation

📨 Platform DMs — Instagram, LinkedIn, Facebook, Discord, TikTok

Direct-message phishing on social platforms is the dominant entry point for romance / pig-butchering / investment scams. The professional / social context softens caution; the platform’s own reporting tools usually take 24-72 hours to act, by which time the scam has typically completed.

Instagram scam DM — brand-collab, friend account-takeover, crypto-pivot patterns
TikTok scam pattern UK — Shop fakes, deepfake ads, Creator Fund DMs
Discord scam pattern UK — Nitro free-trials, crypto airdrops, Trust-and-Safety DMs
Snapchat scam UK — sextortion DMs, fake Snap+ trials, friend impersonation
LinkedIn scam messages UK — fake recruiter task-payment, mentor-pivot pig-butchering
Facebook Marketplace scams — fake seller/buyer + verification-code account takeover

📷 QR codes — the “quishing” category

Tampered QR codes on parking signs, restaurant menus, business cards, leaflets, and even legitimate-looking stickers placed over genuine codes. The QR routes to a lookalike page that harvests card details. Hard to spot without a URL preview.

QR code scam checker — the verification rules + parking / EV charging examples

The universal verification rules — apply BEFORE you reply, click, or call back

Never call a number from a message. Hang up. Call the organisation back on a number you already trust (the back of your bank card, the official website typed into your browser yourself, your saved contact). Real fraud teams welcome a callback on a verified line.
Never click a link from an unsolicited message. Real banks, couriers and government departments communicate through their app, posted letter, or the website you type directly. If you must verify a notice, open the app or type the official domain yourself.
Never read an OTP / security code on a phone call. The whole purpose of the code is to prove YOU are authorising something. If you read it to a caller, you authorise their transaction.
Apply the “family safe-word” rule. For voice / AI-cloning attacks, agree a short phrase or shared fact with close family that an AI voice clone cannot produce. The challenge-response is the simplest defeat for voice-impersonation fraud.
For QR codes, preview the URL before tapping. Modern phone cameras show the URL before navigation. If the domain doesn’t match the brand, don’t open it.
For tech-support pop-ups, never call the number on the pop-up. Real Microsoft, Apple and Google never display a phone number in a security warning. Close the browser, reboot if necessary.

If a messaging scam has already cost you money

Recovery is route-dependent — act within hours, not days:

UK bank transfer: Use the PSR Claim Wizard. PSR Mandatory Reimbursement covers up to £85,000 within 5 working days for APP fraud.
Credit or debit card: Use the Chargeback & Section 75 Generator. Credit cards £100–£30,000 are protected by Section 75 of the Consumer Credit Act 1974.
Crypto / foreign wire: Recovery is very limited. Report to Report Fraud on 0300 123 2040 and your bank. Specialised tracing firms exist but cost is high.
Voice-impersonation attack with no money sent but voice was recorded / data shared: Block the calling number, screenshot the call log, consider CIFAS Protective Registration if personal details were disclosed.
Account takeover via verification code: Run the platform’s recovery flow immediately (Spotify / WhatsApp / Telegram / Instagram). Change passwords + enable 2FA on linked accounts.

Got a specific message you’re unsure about right now?

Free message checker — paste any suspicious text, email, URL, phone number, voice message, image, QR code or .eml file. Get a verdict in under 5 seconds with the specific red flags found.

Runs entirely in your browser; nothing you paste leaves your device.

Open the message checker →