How to stop number spoofing in the UK (and what you can't stop)

If scam calls seem to come from your own number, a local number, or a trusted organisation, you're seeing caller-ID spoofing — where a caller fakes the number that shows on your phone. It's one of the most unsettling scam tactics, because the number you've always treated as proof of identity turns out to be trivially easy to fake. The hard truth up front: you cannot directly 'stop' spoofing of your number, because the spoofing doesn't happen on your phone or your account — it happens in the network or software the scammer uses, which you have no control over. But that's far from the end of the story. There's a great deal you *can* do: protect yourself from spoofed calls aimed at you, limit the fallout when your number is the one being spoofed, and rely on UK measures designed to cut spoofing down over time. This guide explains what spoofing is, what you genuinely can and can't stop, and exactly how to respond.

#What is number spoofing?

Number spoofing is when a caller deliberately falsifies the Caller Line Identification (CLI) — the number that appears on your phone's screen — so it shows something other than the line they're really calling from. The technology that routes calls was never designed to guarantee that the displayed number is genuine, and modern internet-based calling makes it cheap and easy to set the 'from' number to almost anything. So a scammer can make a call appear to come from your bank's real number, a local landline, a government department, or even your own mobile number. There's nothing about the call itself that lets your phone verify the claim; the number is simply a label the caller attached, and spoofing exploits the fact that, historically, that label was trusted. Our spoofed UK numbers guide goes deeper into how the technique works at a technical level.

Scammers spoof numbers for two main reasons. First, to appear trustworthy: a call that displays your bank's genuine number, or a familiar local area code, is far more likely to be answered and believed than an unknown or obviously foreign one. This is the engine behind 'bank impersonation' and many official-sounding scams. Second, to hide their identity and dodge blocking: by constantly changing the displayed number, scammers evade simple blocklists and make themselves hard to trace. A particularly disorienting variant is 'neighbour spoofing', where the displayed number closely matches your own (same area code and first few digits) to seem local and familiar. Understanding that the number is just a changeable label — not proof of anything — is the single most protective idea in this whole topic.

#Why you can't directly 'stop' spoofing

The most important — and most frustrating — thing to understand is that spoofing of your number is not something you can switch off, because it doesn't involve your phone or your account at all. When a scammer spoofs your number, they're not accessing your device, your SIM, your account or your contacts; they're simply telling the network to *display* your number as the caller ID on calls they make from their own equipment. Your phone plays no part in those calls. This is why the common, panicked questions — 'how do I stop people using my number?', 'has my phone been hacked?', 'do I need to change my number?' — mostly have reassuring but counter-intuitive answers: there's nothing on your phone to fix, because nothing on your phone was used. Changing your number rarely helps either, as the scammer would simply pick another number to spoof, and you'd lose your number for nothing.

This doesn't mean you're powerless — it means the power lies in the right places. The job of actually *stopping* spoofing belongs to the phone networks and regulators, who are deploying technical measures (discussed below) to authenticate caller ID and block calls with obviously faked numbers. Your role is different but still important: protect yourself from spoofed calls that target you, handle the fallout calmly if your number is being spoofed, and report incidents so networks and regulators can act. Reframing the problem this way — from 'how do I stop it?' to 'how do I stay safe and help the people who can reduce it?' — turns a helpless feeling into a clear plan.

#How to protect yourself from spoofed calls

Whatever number shows on your screen, the defences against a spoofed call are the same, and they all flow from one principle: the displayed number is never proof of who's calling. Treat caller ID as a hint, not a fact.

1. 1

   Never trust the displayed number

   Even if it shows your bank, HMRC, the police or a local number, treat it as unverified. Spoofing means the number proves nothing about who's really calling.

2. 2

   Hang up and verify independently

   If a call claims to be your bank or an official body, hang up and call back on a number you trust — the one on your card, a statement, or the official website.

3. 3

   Use 159 for anything bank-related

   Dial 159 to reach your bank safely. It's a trusted shortcode that connects you directly, so you bypass any spoofed number entirely.

4. 4

   Never share codes, PINs or passwords

   No genuine organisation will ask you to read out a one-time code, full PIN or password on a call — spoofed or not. A request for these is the scam.

5. 5

   Resist urgency and pressure

   Spoofed calls rely on panic ('your account is at risk, act now'). Slow down — genuine organisations are happy for you to hang up and call back.

The reason this works is that it sidesteps the spoofing entirely. A scammer's whole advantage is that the number *looks* right; the moment you stop relying on the displayed number and instead reach the organisation through a channel you independently trust, the spoof becomes worthless. You'll be talking to the real bank, the real department, the real company — and if the original call was genuine, you've lost nothing but a minute. Our is this number a scammer? guide expands on the single most reliable test: a real organisation is always happy for you to hang up and verify, while a scammer will try to keep you on the line.

#What to do if your number is being spoofed

If you're getting calls or texts from strangers who say *you* called or texted *them* — often angrily — your number is being used as the spoofed caller ID for someone else's scam campaign. It's distressing, but understanding what's happening makes it manageable. First, don't panic and don't assume you've been hacked: as explained above, your phone and account aren't involved, so there's nothing on your device to clean. Second, don't answer or return calls from the angry strangers if you can avoid it — but if you do speak to them, calmly explain that your number is being spoofed by scammers and that you didn't call them; most people have heard of this and will understand. Third, don't change your number as a first resort: it's a big disruption, the scammer would just spoof a different number, and the spoofing of yours will usually stop on its own once the scammers move to a fresh number, which they do constantly.

1. 1

   Stay calm — you're not hacked

   Your number being spoofed doesn't mean your phone, SIM or account is compromised. There's nothing on your device to fix.

2. 2

   Explain to anyone who contacts you

   If people say you called them, calmly explain your number is being spoofed by scammers. Most will understand — it's increasingly common.

3. 3

   Report it

   Report to Action Fraud, and tell your network provider. Reporting helps the bodies that can actually act against spoofing campaigns.

4. 4

   Consider a voicemail note

   A short voicemail greeting saying your number may be spoofed and you didn't call can reassure people who ring you back.

5. 5

   Only change your number as a last resort

   Spoofing of your number usually stops when scammers move on. Changing your number is disruptive and rarely necessary — give it time first.

It helps to remember that this is temporary and impersonal. Scammers cycle through huge quantities of numbers to spoof, picking them more or less at random and discarding each as it gets reported and blocked. Your number wasn't targeted because of anything you did, and it will almost certainly stop being used within a relatively short time as the campaign moves on. In the meantime, the practical steps above — staying calm, explaining to anyone who contacts you, and reporting — cover everything within your control. For the wider picture of how to research and report suspicious numbers, see our who called me and report a scam call guides.

#What the UK is doing about spoofing

While individuals can't stop spoofing directly, the UK is tackling it at the network and regulatory level, and these measures are steadily making spoofing harder. Ofcom has tightened the rules on Calling Line Identification (CLI), requiring providers to do more to identify and block calls where the caller ID is clearly invalid or spoofed — for example, calls that appear to come from numbers that aren't validly allocated, or from abroad while displaying a UK number. Providers are increasingly blocking obviously spoofed and invalid calls before they reach you, and there's ongoing work towards CLI authentication — a longer-term technical effort (akin to systems used elsewhere) to cryptographically verify that a displayed number genuinely belongs to the caller, so that a faked number can be detected and rejected by the network itself.

These measures won't eliminate spoofing overnight, but they're shifting the balance: more spoofed and nuisance calls are being filtered out at the network level than a few years ago, and the long-term direction is towards caller IDs that can actually be trusted. Your reports feed directly into this effort — when you report spoofing to Action Fraud, forward scam texts to 7726, and complain to Ofcom about persistent nuisance calls, you're giving the bodies that can act the data they need to identify campaigns, block sources and refine the rules. So while it can feel like reporting achieves nothing in the moment, in aggregate it's a meaningful part of how spoofing gets reduced. Our spoofed UK numbers guide covers the technical background to these measures in more depth.

#Reducing nuisance and spoofed calls reaching you

Although you can't stop spoofing at source, you can reduce how many unwanted calls — spoofed or otherwise — actually disturb you. Modern phones let you silence calls from unknown numbers so they go to voicemail rather than ringing through; genuine callers will leave a message, while most scam calls won't. You can block specific numbers, though against spoofing this is limited (since the number changes), it still helps against persistent single-number nuisances. Network-level call protection is increasingly offered free by the major UK providers — features that flag or block suspected scam and nuisance calls automatically, so it's worth checking what your provider offers and turning it on. And registering with the Telephone Preference Service cuts compliant marketing calls, trimming the legitimate noise even though it won't deter scammers who ignore the rules.

Layered together, these tools meaningfully cut the volume of unwanted calls reaching you, even though none of them 'stop spoofing' as such. The mindset that ties it all together is the one this guide keeps returning to: stop treating the displayed number as proof. Once you've internalised that any number can be faked — your bank's, a local one, even your own — you stop being vulnerable to the core trick, and the technical tools simply reduce how often you're bothered by attempts. That combination of a sceptical habit plus practical filtering is, realistically, the strongest position any individual can be in while the networks and regulators do the longer-term work of authenticating caller ID at the source.

#Spoofing in texts, not just calls

Spoofing isn't limited to voice calls — the same idea applies to text messages, where it's arguably even more dangerous. The 'sender' field of an SMS can be set to display a name or number rather than a real phone number, which is how scam texts appear to come from 'HMRC', 'Royal Mail', your bank, or a short brand name. Worse, because phones group messages by sender, a spoofed scam text can drop straight into a legitimate message thread from your bank or a delivery company, sitting right beneath genuine messages and inheriting all their apparent credibility. Someone glancing at a thread that already contains real texts from their bank has every reason to trust a new message in the same conversation — which is exactly why this technique is so effective and so worth knowing about.

The defence is the same principle applied to texts: the sender label proves nothing, and no legitimate text will ask you to tap a link to 'verify', 'pay' or 'avoid a penalty'. Treat any link in an unexpected message as suspect, never enter card details or passwords on a page reached from a text, and if a message claims to be from an organisation, reach them through their official app or website instead. You can forward suspicious texts free to 7726 so your network can investigate the source. The fact that a scam text appears in a 'real' thread is not evidence it's genuine — it's evidence the sender was spoofed. Our scam numbers guide covers the common smishing scripts these spoofed texts use, so you can recognise them at a glance. For more on identifying and checking suspicious numbers behind these messages, our reverse phone lookup guide walks through the practical steps.

#Why spoofing is possible in the first place

It's natural to wonder how this is even allowed — surely the phone network should guarantee that the number shown is real? The answer lies in how the global telephone system evolved. The protocols that route calls and pass along caller ID were designed decades ago, in an era of trusted, tightly-controlled national networks, when there was little reason to suspect anyone would deliberately falsify the originating number. Caller ID was conceived as helpful information, not a security feature, so the system simply passes along whatever number the originating equipment claims — with no built-in mechanism to verify it. The rise of cheap internet-based calling (VoIP), which lets almost anyone set the displayed number programmatically, turned that long-standing weakness into an easily-exploited one, and scammers were quick to take advantage.

Fixing this is genuinely hard because it means retrofitting verification onto a vast, interconnected global system built on the assumption of trust — and a call may cross several networks and countries before reaching you, each of which has to cooperate for any authentication scheme to work end-to-end. That's why the solution is gradual and collaborative rather than a single switch that can be flipped: networks and regulators are progressively introducing standards to authenticate caller ID and block calls with clearly invalid numbers, but full coverage takes time precisely because of how distributed and legacy-bound the system is. Understanding this helps explain why spoofing persists despite obvious harm — it's not negligence so much as the slow, difficult work of securing infrastructure that was never designed with today's threats in mind. In the meantime, the personal defence remains constant: judge the call or text by what it asks of you, not by the number it displays, and check anything suspicious using our who called me approach.

There's also a reassuring corollary to all this. Because spoofing is a weakness of the *display* rather than a compromise of your line, it cannot, by itself, be used to take over your number, intercept your calls, or access your accounts — it only changes what label appears on someone else's outgoing call. The harm comes entirely from people being persuaded to act on that fake label: to hand over a code, click a link, or transfer money. That means the single habit of not trusting the displayed number neutralises the entire technique, regardless of how the underlying systems evolve. No software update, number change or account reset on your part is required — just the steady refusal to treat a number on a screen as proof of identity, combined with verifying anything important through a channel you've chosen yourself rather than one that was handed to you in a call or text.

#Bottom line

Caller-ID spoofing lets scammers fake the number on your screen — including your bank's, a local number, or your own — and you can't directly stop it, because it happens in the caller's network or software, not on your phone or account. If your number is being spoofed, your phone isn't hacked and changing your number rarely helps; stay calm, explain it to anyone who contacts you, and report it. The real defence against spoofed calls is to never trust the displayed number: hang up and verify through official channels, dial 159 for banks, and never share codes or PINs. UK measures like CLI authentication and network blocking are reducing spoofing over time, and your reports help. For more, see spoofed UK numbers and is this number a scammer?.