impersonation

How Spoofed Number Scams Steal Your Identity & Money

Published by ScamCheck · 19 June 2026

Action Fraud UK has highlighted a rise in scam calls using spoofed numbers, where criminals impersonate trusted organisations to steal money or personal details. We break down the technicalities and social engineering tactics behind these dangerous vishing attacks, ensuring you know how to protect y

What Is Spoofed Number Scam Calls and Why Is It Dangerous?

Spoofed number scam calls are a deceptive form of vishing (voice phishing) where criminals manipulate Caller ID to display a phone number different from the one they are actually calling from. This allows them to impersonate legitimate organisations, such as banks, government agencies, tech support companies, or even law enforcement. The danger lies in the immediate sense of trust and urgency these calls create. Victims, believing they are speaking to a reputable entity, are often coerced into divulging sensitive personal and financial information, or even transferring money directly to the scammers.

We've analysed hundreds of such messages and calls reported by users, and the common thread is always the illusion of legitimacy created by the spoofed number. According to Action Fraud UK, there has been a significant spike in these scam calls, with criminals employing increasingly sophisticated tactics to steal money or personal details. The psychological manipulation, often referred to as social engineering, is designed to bypass your usual caution and exploit your trust in familiar institutions.

How Does This Scam Work? (Step by Step)

The mechanism behind a spoofed number scam is a cunning blend of technology and social engineering:

Scammer Obtains Your Number: Criminals acquire phone numbers through various means, including data breaches, publicly available information, or by simply dialling random sequences.
Caller ID Spoofing: Using special software or Voice over Internet Protocol (VoIP) services, the scammer disguises their actual phone number. They choose a number that belongs to a legitimate organisation they wish to impersonate (e.g., your bank's customer service number, a police station, or a government helpline).
The Deceptive Call: You receive a call, and your phone's Caller ID displays the spoofed number, making it appear as if a trusted entity is calling you.
Social Engineering Begins: The scammer, acting as a representative of the impersonated organisation, will typically invent a plausible (and often urgent) reason for the call. This could be a security alert on your bank account, a tax problem, a package delivery issue, or even an arrest warrant. They might use a script designed to create panic or a sense of urgency.
Information or Money Extraction: Under pressure, the scammer attempts to extract sensitive information like your bank account details, credit card numbers, PINs, OTPs, passwords, or even asks you to transfer money to a "safe" account, purchase gift cards, or provide remote access to your computer. Victims who reported this scam described feeling overwhelmed and rushed, preventing them from thinking critically. This credential harvesting is a primary goal for identity theft.
Disappearing Act: Once they have what they want, the scammers disappear, often changing their spoofed number or line, leaving the victim with financial losses and compromised personal data.

What Are The Warning Signs?

Recognising these red flags is crucial for protecting yourself:

Unexpected Calls from "Official" Numbers: You receive a call from a number that appears to be from your bank, HMRC, police, or another trusted organisation, but you weren't expecting it.
Urgency and Threats: The caller pressures you to act immediately, threatening consequences like account closure, arrest, or financial penalties if you don't comply.
Requests for Sensitive Information: They ask for full passwords, PINs, OTPs, or to verify your entire bank account number over the phone. Legitimate organisations rarely ask for such details verbally, especially for verification.
Demands for Unusual Payments: They instruct you to transfer money to a "safe" account, buy gift cards, cryptocurrency, or pay through unusual methods that are hard to trace.
Requests for Remote Access: The caller insists on gaining remote access to your computer to "fix" a problem or "verify" something.
Unusual Tone or Accents: While not always a definitive sign, be wary if the caller's tone is overly aggressive, unprofessional, or if they have a strong accent that doesn't match the purported organisation's location.
Inability to Verify Their Identity: When you suggest calling them back on an officially published number, they refuse or insist you stay on the line.

Scam vs Legitimate: How to Tell the Difference

Scam Behaviour	Legitimate Organisation Behaviour
Pressures you for immediate action and payment.	Provides information and time to verify before proceeding.
Asks for full PINs, passwords, or OTPs over the phone.	Never asks for full passwords, PINs, or OTPs over the phone.
Demands payment via gift cards, crypto, or untraceable transfers.	Uses secure, verifiable payment methods for transactions.
Insists you don't hang up and call back.	Encourages you to hang up and call back using official contact details.
Threatens legal action, account suspension, or immediate financial penalties.	Provides official warnings through secure channels (e.g., mail, secure online portal) and offers clear steps for resolution.

Who Is Being Targeted and Why?

According to Action Fraud UK, people over 70 are particularly vulnerable to certain types of financial scams, including those that start with phone calls. While anyone can be targeted, criminals often focus on individuals who might be less tech-savvy, more trusting of authority figures, or more susceptible to social engineering tactics. The "over 70s targeted" observation suggests that older individuals, who may not be as familiar with Caller ID spoofing technology or the nuances of online security, are frequently targeted.

The "why" is simple: financial gain. Scammers look for individuals who possess assets, may have less resistance to fear-based tactics, and might be slower to recognise the signs of fraud. They exploit natural human tendencies like trust, fear, respect for authority, and the desire to resolve problems quickly. The anonymity provided by spoofing technology makes it easier for them to operate without fear of immediate capture.

What Should You Do If You Receive This?

Your immediate actions are critical to protect yourself:

Hang Up Immediately: Do not engage with the caller. If you suspect it's a scam, simply end the call.
Do Not Trust Caller ID: Remember that Caller ID can be spoofed. Do not assume a call is legitimate just because the number looks familiar.
Verify Independently: If you are concerned, find the official contact number for the organisation the caller claimed to represent (e.g., your bank's number on their official website or the back of your debit card, not from the caller). Call them back directly using that verified number.
Never Share Sensitive Information: Do not provide bank details, passwords, PINs, or OTPs over an unsolicited call.
Report the Incident: If you have been affected or even just received a suspicious call, report it. According to Action Fraud UK, reporting is vital to help authorities track and stop these criminals.
Disclaimer: If you have been affected, report to your local cybercrime authority. In the UK, this is Action Fraud UK. In India, you can report to the National Cybercrime Reporting Portal (cybercrime.gov.in).

How Can You Stay Safe?

Prevention is always better than cure when it comes to scams:

Be Skeptical of Unsolicited Calls: Always question unexpected calls, especially those demanding immediate action or personal information.
Verify, Verify, Verify: If a call seems urgent or asks for sensitive data, always hang up and call the organisation back using a number you know to be legitimate. Do not use any number provided by the suspicious caller.
Secure Your Information: Be cautious about where you share your personal details online. Data breaches can expose your information to scammers.
Educate Yourself and Others: Stay informed about the latest scam tactics. Share information with friends and family, especially those who might be more vulnerable.
Use ScamCheck.tech: Our platform, ScamCheck, can help you identify known scam numbers and educate you on various scam types, providing an additional layer of protection. Use ScamCheck.tech to verify suspicious numbers or messages before you engage.
Report Suspicious Activity: Actively report scam attempts to help authorities and services like ScamCheck keep track of evolving threats.
Consider Call Blocking Apps: Some apps can help filter or block known scam numbers, though this is not foolproof against spoofed numbers that constantly change.

Verified by ScamCheck Research Team. Source: Action Fraud UK.

Frequently Asked Questions

Can legitimate organisations spoof their own numbers for specific reasons?

While legitimate organisations primarily use their official numbers, sometimes internal departments or specific campaigns might use slightly different but still official numbers. However, they will never pressure you for sensitive information or ask for unusual payment methods over an unsolicited call. If in doubt, always hang up and call them back on their main, publicly listed contact number.

What is Caller ID spoofing and how is it done technically?

Caller ID spoofing is a technology that allows a caller to intentionally display a different number than the one from which they are actually making the call. This is often achieved using Voice over Internet Protocol (VoIP) services, which allow users to set the outbound Caller ID to almost any number they choose. Criminals leverage this to mask their true identity and impersonate trusted entities, making their calls appear legitimate on your phone's screen.

Why do scammers often ask for gift cards or cryptocurrency?

Scammers frequently ask for payments via gift cards or cryptocurrency because these methods are largely untraceable and irreversible once the transaction is completed. Unlike bank transfers or credit card payments, which offer some level of fraud protection and a paper trail, gift cards are anonymous and digital currencies, once transferred, are extremely difficult to recover. This makes them ideal tools for criminals who want to quickly disappear with their illicit gains.

Received a suspicious message?

Paste it into ScamCheck and get an instant AI verdict — free, no signup needed.

Check it now — it's free