Spoofed Phone Number Check UK

Caller ID is trivial to fake. Spot the three dominant UK spoofing variants in 2026 — genuine-bank-number spoofing, international-with-UK-area-code display, and neighbour spoofing — with the verification rules that defeat them all.

Last reviewed: 13 May 2026 · ScamSupport research

Paste a suspicious phone-number message or transcript here

Free phone-scam checker — runs entirely in your browser. Nothing leaves your device. Returns a verdict in under 5 seconds.

Open the message checker →

The single thing to understand about UK caller ID in 2026

The phone number displayed on your screen when an incoming call arrives is not verified. It is metadata supplied by the caller’s VoIP / SIP provider. With a free or cheap account at a number of overseas VoIP providers, anyone can set the displayed number to anything they want — their actual physical phone, your bank’s real fraud-line number, HMRC, Report Fraud, your neighbour, or even your own mobile number. The UK telecoms standard (CLI — Calling Line Identity) was designed in an era before mass VoIP fraud and was never updated to require authentication.

Ofcom estimates that hundreds of millions of UK calls per year include spoofed caller IDs. Some are legitimate (a hospital displaying the main switchboard rather than the doctor’s desk extension; a delivery driver displaying the depot rather than their personal mobile). Most spoofed calls received by UK consumers in 2026 are scams.

The defence is simple: never use the displayed caller ID as evidence the call is genuine. Verify via a known-good channel before acting. This page covers the three dominant UK spoofing variants and the practical verification rules.

Three caller-ID spoofing variants currently in circulation

Variant 1 — Genuine UK bank / HMRC / Report Fraud number spoofed

How it presents: An incoming call shows the caller ID matching your bank’s real fraud-line number printed on the back of your card (e.g. NatWest: 0345 600 2230; Barclays: 0345 734 5345). Or it displays HMRC’s real public number (0300 200 3300), or Report Fraud (0300 123 2040). The caller invokes the trust the real number commands: “This is the Barclays fraud team. We’ve detected suspicious activity on your account”. The script then steers toward the “safe account” transfer or remote-access install.

Red flags:

  • The number is real but the call is not. Caller-ID spoofing exploits the trust the displayed number earns. The number itself doesn’t prove anything — only a callback on that number proves the call was genuine.
  • The standard rule: hang up and call back. Wait 2-3 minutes after hanging up (this avoids call-clearing-down delays where the scammer can stay on the line silently), then dial the number from the back of your card. Real banks welcome the callback; scammers cannot survive it.
  • Bank fraud teams never ask you to move money to a “safe account”. The phrase “move it to a safe account in your name” is the diagnostic feature of UK APP fraud. Real fraud teams freeze the threatened account, not your savings.
  • HMRC does not phone unsolicited demanding payment. Real HMRC contact is by letter or via your gov.uk Personal Tax Account. Any HMRC phone call demanding payment by card / gift card / bank transfer is a scam.
  • Report Fraud is a reporting service, not an investigation team that phones victims. Calls from someone claiming to be Report Fraud demanding action are spoofed.

Variant 2 — International call displayed as UK area code (or unknown UK number)

How it presents: A call appears to come from a UK landline (e.g. 020 7xxx for London, 0161 for Manchester, 0131 for Edinburgh) or an unknown UK mobile (07xxx). The actual call originates from a foreign VoIP gateway, with the UK number set as displayed CLI to bypass instinctive caution about international calls. Common in tech-support scams, romance scams, and pig-butchering pivot calls.

Red flags:

  • Foreign accent + UK number display. Not diagnostic alone (many UK businesses outsource call centres), but combined with other signals it’s consistent. Legitimate UK businesses generally identify themselves at the start of the call.
  • Generic identification. “Hello, this is the technical department”, “customer services calling” without naming the company at the start. Real organisations identify themselves precisely.
  • The caller refuses to be called back. Real businesses provide a callback option. Scammers either say “we’ll call you straight back” (they won’t) or insist the case must be resolved on this call.
  • Background noise inconsistent with the displayed location. A “London branch” call with a busy international call-centre background is signal. (Conversely, a quiet, professional background is not evidence the call is real — scam operations also have quiet rooms.)
  • Look up the number on who-called.co.uk or UK Trust Score. Crowdsourced UK number databases. If the number has multiple recent scam reports, you have your answer.

Variant 3 — Neighbour spoofing (caller ID similar to your own)

How it presents: An incoming call shows a number whose first 5-7 digits match yours. If your mobile is 07700 900 123, the spoofed call shows 07700 900 845 or 07700 901 042. The hope is recognition triggers a callback (“maybe a neighbour’s phone, maybe someone I know”), or simply that a familiar prefix lowers your scam suspicion enough to answer.

Red flags:

  • Numbers similar to your own from numbers that aren’t in your contacts. Real local connections are usually saved in your phone. An unrecognised same-prefix number is increasingly likely spoofed.
  • The caller has no specific identifier for you. They ask “is that John?” or “hi, it’s me” — trying to extract your name to use later in the script.
  • Once answered, the script is identical to other variants. Bank fraud alert / HMRC / tech support / family emergency. The neighbour-prefix is just a different delivery mechanism for the same scams.
  • Don’t call back unknown same-prefix numbers without verification. If a neighbour really needs to reach you, they’ll leave a voicemail or follow up another way.
  • Some carriers offer neighbour-spoofing detection. EE, O2, Three, Vodafone each have varying levels of call-filter capability that flag known-spoofed-pattern numbers. Enable network-level filtering in your account settings.

The verification rules that defeat caller-ID spoofing

  1. Treat the displayed number as unverified. The whole point of this page: the number on your screen is metadata supplied by the caller, not authenticated by the network. It is not evidence the call is genuine.
  2. Hang up and call back on a known-good number. Wait 2-3 minutes between hanging up and calling back (some VoIP setups keep the line open from the scammer side after you hang up; the wait ensures you reach a real dial tone). Use the number on the back of your bank card / from the organisation’s real website typed into your browser yourself.
  3. For bank-fraud variants: the “safe account” phrase is the test. Real bank fraud teams never tell you to transfer your money to another account — for your safety or any other reason. Any “move it to a safe account” instruction is the scam.
  4. For HMRC / DVLA / government variants: real UK government communication is by letter or via your gov.uk Personal Tax Account / vehicle-tax service / online identity. Real HMRC never demands immediate payment by phone.
  5. Look up unknown numbers before calling back. who-called.co.uk, UK Trust Score, and (free version) Truecaller all show crowdsourced scam reports for UK numbers.
  6. Enable network-level call filtering with your carrier. Most UK networks now offer free call-filter services that block known-spoof patterns. EE Call Protect, O2 Block / Three Call Defence / Vodafone Call Defence / Sky Mobile / Tesco Mobile / Lebara / GiffGaff / BT Call Protect.
  7. Silence unknown callers on your phone. iOS: Settings > Phone > Silence Unknown Callers. Android: Phone app > Settings > Caller ID & Spam. Known contacts still ring; unknown numbers go to voicemail. Real callers leave a message.
  8. For neighbour-prefix variants: don’t call back unfamiliar numbers in your area code. Real local contacts are saved in your phone.

If you’ve already engaged with a spoofed call

  1. If you transferred money to a “safe account”: Call your bank’s real fraud line immediately on the number on the back of your card. Use the PSR Claim Wizard — PSR Mandatory Reimbursement covers up to £85,000 within 5 working days for APP fraud, which includes spoofed-call-driven scams.
  2. If you installed remote-access software: follow our Microsoft tech-support scam recovery flow — disconnect from internet, uninstall the tool, change banking and email passwords from a clean device.
  3. If you provided personal details (DOB, NI number, address): consider CIFAS Protective Registration for credit-file protection.
  4. If you paid by card: use the Chargeback & Section 75 Generator.
  5. Report the spoofed number to Report Fraud at 0300 123 2040. Ofcom and the network operators use this data to action takedowns of scam VoIP providers.
  6. Add the number to your phone’s block list. iOS: Recents > tap (i) > Block this Caller. Android: Phone app > long-press in Recents > Block.
  7. Tell other family members. The same operation often targets multiple people. A 5-minute briefing on caller-ID spoofing closes most of the risk.

Related scam guides

Use the Scam Message Scanner →