UK phone scams 2026 are bigger, faster and more convincing than at any point since UK call records began. Action Fraud estimates that phone-enabled fraud has cost UK victims more than £177 million in recent reporting periods, and AI voice cloning now needs as little as three seconds of audio to mimic a real person. This guide walks through the 12 phone-scam patterns dominating UK call traffic in 2026, the five red flags they all share, and a practical five-step defence checklist for households and SMEs.
Three forces have pushed phone fraud into a new gear. The first is generative AI: usable voice clones can now be trained on a 3-second sample, and “deepfake CEO” phone calls have already produced multi-million-pound losses in UK SMEs. The second is cheap VoIP: international call-origination from any country to any UK mobile or landline costs less than a penny a minute, removing the economic friction that once kept low-margin scams offshore. The third is Calling Line Identification (CLI) spoofing, where the criminal presents a UK number that looks like a bank, an HMRC office or a London landline. Ofcom’s CLI-authentication rollout, modelled on the US STIR/SHAKEN standard, is gradually closing the spoofing loophole at the UK network edge, but enforcement is staged through 2026 and into 2027.
Against that backdrop, Action Fraud consistently lists telephone fraud among the highest-volume reported crime categories in the UK. The patterns below are the ones currently producing the most reports across 2025 and into 2026, drawn from Action Fraud, NCSC and bank-industry alerts.
Typical CLI: spoofed 0203, 0207 or 0300 numbers, often with an automated robocall opener. The recorded voice claims a tax-fraud warrant has been issued in your name and instructs you to press 1 immediately. The “officer” then demands payment in iTunes vouchers, Amazon gift cards, cryptocurrency or a “bail” bank transfer. HMRC never threatens arrest by phone and never demands payment in vouchers or crypto. Forward suspect calls to [email protected] and report to Action Fraud. For the London-CLI variant, see our deep-dive on the 020 London number scam.
Typical CLI: a spoofed switchboard for Lloyds, Barclays, Santander, NatWest, HSBC, Monzo or Starling. The caller claims a fraudulent transaction has been detected and walks you through “moving your money to a safe account” they have just opened in your name. This is Authorised Push Payment (APP) fraud, the single largest category of UK consumer loss. The 2024 Payment Systems Regulator reimbursement rules give eligible victims a refund right, but stopping the transfer in the first place is always preferable.
Typical CLI: an 020, 0161 or 0117 number, usually triggered by a preceding text message claiming a parcel cannot be delivered until a small fee is paid. The callback is staffed by fluent operators who take card details “to release the parcel” and then enrol your card into Apple Pay or Google Pay on their own device. Legitimate UK couriers never charge customs through a callback line.
Typical CLI: a 0207 or 0203 number close to a real London teaching-hospital range, or a generic 0300. The caller poses as a GP secretary needing to “verify your identity” before sharing results, usually demanding full date of birth, address and the last four digits of your debit card. NHS staff never ask for payment-card details on the phone and rarely use last-four-of-card identifiers.
Typical CLI: spoofed 0808 or 0345 numbers presented as Octopus, EDF, OVO or British Gas customer-service lines. The caller claims you are owed a refund (often around £85 or £230) and asks for sort code, account number and an online-banking one-time passcode to “process the credit”. The OTP authorises an outbound payment from your account instead. Genuine energy refunds are paid automatically against the existing direct-debit mandate.
Typical CLI: prestige-sounding 0207 numbers from Mayfair, Canary Wharf or City of London ranges. The script offers pre-IPO shares, “green energy bonds”, carbon credits, crypto funds or unregulated peer-to-peer lending. Unsolicited investment cold calls are themselves an offence under the Financial Services and Markets Act. Always check any firm on the FCA’s Financial Services Register before sharing details.
Typical CLI: any UK mobile or geographic number; some operations now use 0800 freephone CLIs to look more official. The caller claims your Microsoft 365, Apple ID or Norton subscription has been compromised and walks you through installing AnyDesk, TeamViewer or Quick Assist. Once you grant access, the criminal logs into your online banking. For SMEs the same pattern can escalate into ransomware, which is why a managed-security baseline matters; see our IT managed services overview for the SME context.
Typical CLI: 070 personal-number ranges, 09 premium-rate ranges, or rare international codes such as +252, +355 or +247 designed to look domestic on a hurried glance. The phone rings once and cuts off, prompting you to ring back to a number that bills you a high per-minute charge. Our companion piece on the 070 personal-number scam covers the UK variant in detail; look up suspicious prefixes at /who-called-me/070/ and /who-called-me/09/.
Typical channel: WhatsApp message followed by a voice call from a UK mobile. The opening line is “Hi Mum/Dad, my phone broke and I’m on a new number, can you do me a huge favour…”. The “favour” is always a same-day bank transfer for a bill the supposed child cannot pay themselves. The 2024 wave used SMS only; the 2026 variant now follows up with an AI-cloned voice call to make the impersonation harder to refuse.
Typical CLI: 0800 freephone or 0300 numbers presented as a “government efficiency scheme”. The caller offers free insulation, a free boiler, or a Warm Home Discount uplift and “just needs to verify your details and energy supplier”. The harvested information is used either for identity theft or to enrol you onto an unsolicited finance agreement. Genuine government schemes never cold-call homeowners. Look up the inbound CLI on our 0800 directory.
This is the SME-specific 2026 escalation of vishing. The criminal trains a voice clone on a public LinkedIn or conference recording of a director, then calls the finance team during a known absence (often using calendar data from a compromised assistant) instructing them to push through an urgent supplier payment. Losses of £25k to £200k per incident are now routine in mid-market UK firms. Read our detailed analysis at vishing attacks on UK SMEs.
Typical CLI: mobile (07) or 0203 numbers. The script claims you are owed compensation for mis-sold PPI (“the deadline has been extended”), a holiday-sickness claim, or an accident “even if it wasn’t your fault”. The aim is to capture enough personal data to file fraudulent claims in your name. The PPI claims window closed in 2019; any caller still claiming to extract a PPI payout is by definition fraudulent.
Regardless of which of the 12 patterns above you encounter, the underlying social-engineering toolkit is small. The same five red flags appear in almost every UK phone scams 2026 report Action Fraud receives:
Apply this routine to every unsolicited inbound call, whether to your personal mobile or your SME’s main line:
Use more than one reporting channel. Each disrupts a different part of the scammer’s infrastructure.
Our free Who Called Me lookup is a clean copy of Ofcom’s National Telephone Numbering Plan, refreshed every Wednesday. For each inbound CLI you can see the Ofcom-allocated block (1,000-number granularity), the original Communications Provider (BT, Gamma, Vonage, Voxbone and others) and an anonymous count of how many UK users have looked the number up in the last 90 days. For the patterns most associated with scams in 2026, these drill-down pages are useful starting points:
Authorised Push Payment (APP) bank-impersonation fraud is the single largest category by financial loss, while the HMRC tax-arrest robocall is the most common by call volume. Both rely on spoofed UK Calling Line Identification, urgency and an impersonated authority figure. Together they account for the majority of phone-related fraud reports filed with Action Fraud in 2025 and the first half of 2026.
Yes. Calling Line Identification (CLI) is set by the originating carrier and is trivial to override on most international VoIP gateways. Ofcom’s CLI-authentication rollout, modelled on the US STIR/SHAKEN standard, is gradually requiring UK networks to verify and block obviously invalid CLIs at the edge, but enforcement is staged through 2026 and 2027 and many spoofed numbers still get through.
Answering itself is harmless. The risk comes from acting on information shared by an inbound caller. If you do answer, say nothing first, let the caller open the conversation, and never confirm personal details, OTPs, account numbers or remote-access codes. Hanging up and ringing back on a published number is always safer.
No. The Telephone Preference Service stops UK-based legitimate marketing calls only. Criminals already operate outside the law and ignore TPS. Registering is still worthwhile because the remaining nuisance traffic is statistically more likely to be a scam, making it easier to spot.
Under the 2024 Payment Systems Regulator rules and the earlier Contingent Reimbursement Model (CRM) Code, eligible APP-fraud victims have a right to reimbursement from their bank, with limited exceptions for gross negligence. Report immediately and in writing; the speed of your report directly affects both the chance of recall and the strength of any subsequent dispute.
Use a free UK lookup such as our Who Called Me tool. Paste the full number to see the Ofcom-allocated block, the original carrier and the recent-search count. If the number sits in a reserved or unallocated range, or is on a VoIP wholesale block being used to impersonate a high-street bank, that is a strong fraud indicator.
Read one of our other resources to help you get the best telecoms and IT solutions for your business