Scam Alert: Criminals Are Spoofing the Number You'd Call to Report a Scam
There's a detail in this week's City of London Police warning that most people will skip past. Criminals have been spoofing the phone number of Report Fraud — the official service you'd call to report being scammed. So the number shows up on your phone looking legitimate, and if you call it back, you're ringing the scammers.
The City of London Police issued an alert this week after receiving more than 260 calls in just a few hours from people who'd been hit by spoofed numbers. That one's the main story, but there are two more doing the rounds right now worth knowing about.
1. Calls spoofing the fraud reporting service itself
You get a call, the caller ID looks official — sometimes it's a police number, sometimes Report Fraud's own number. They tell you your bank account has been compromised and you need to act now. You hang up. You check your missed calls and ring back. You're back through to the same criminals.
This is number spoofing used at its most cynical. The technology to fake a caller ID is cheap and widely available. There's no technical protection stopping a scammer from displaying any number they like on your screen.
Detective Superintendent Anna Rice from the City of London Police said it clearly: if you get an automated message telling you to press a number, hang up immediately. For any call claiming to be from the police or Report Fraud, find the real number yourself on the organisation's official website, then ring that. Not the number in your missed calls. Not the number the caller gives you.
Report Fraud's actual number is 0300 123 2040. If someone rings you claiming to be from them, you can always verify by hanging up and calling that number yourself from scratch.
2. A fake Aldi advert appearing in Google search results
Which? flagged this on 25 June: a fraudulent advert is appearing in Google search results that leads to a copycat Aldi website. Once you land on the cloned site, it asks for your payment card details. The branding looks right, the layout looks right, and there's nothing obviously off unless you check the URL carefully.
Google's ad system lets anyone pay to appear at the top of search results. A familiar logo or brand name in the headline doesn't mean the ad is from the real company. Before entering card details on any retail site, look at the address bar. The domain should match exactly — aldi.co.uk, not aldi-discount.co.uk or aldioffer.com or anything else with extra words around it.
If you spot a dodgy Google ad, click the three dots next to it, select "feedback" then "something else" and report it. You can also report copycat websites to the NCSC at ncsc.gov.uk.
3. Automated housing repair calls from spoofed landlines
Also flagged by Which? this week: an automated call from what appears to be a London landline, claiming to be from "housing repairs." The goal is personal information — your name, address, date of birth — which is then used for fraud or sold on to other criminals.
The script varies, but common versions claim to be arranging a repair appointment, or offer compensation for a missed appointment. Say yes to the compensation angle and they'll ask for your bank details to pay you. There's no repair. There's no compensation.
Your council or housing association will always be able to confirm a real appointment through their main switchboard. If you get an unexpected call about a repair you didn't ask for, hang up and ring the council or housing association yourself using the number from your paperwork or their official website.
If it's already happened
If you've given out personal details, shared bank information, or let someone have remote access to your computer:
- Call your bank immediately. The number on the back of your card. Most UK banks have 24-hour fraud lines and they're used to this.
- Change your email password first. Then everything else. Email is the key scammers use to reset all your other accounts.
- Run a full scan with Windows Defender or your antivirus. See my post on whether you actually need antivirus for what I'd recommend.
- If someone had remote access to your PC, don't assume a scan is enough. Remote-access tools leave a path in that's not always obvious. Get it looked at.
- Report it to Report Fraud on 0300 123 2040 or at reportfraud.police.uk. You'll get a crime reference number, which your bank will ask for.
If you gave out personal details, it's worth checking your credit file too. Free services like ClearScore or Experian's free tier will show if any new accounts or credit applications have been made in your name.
How to report
- Scam text → forward to
7726(free on all UK networks, spells SPAM) - Scam email → forward to
report@phishing.gov.uk - Scam website → report at ncsc.gov.uk
- Fraud → Report Fraud on
0300 123 2040or reportfraud.police.uk
The volume of reports genuinely matters. It's what drives spoofed numbers getting blocked by networks and fake sites getting taken down quickly.
If you've had someone remote into your PC and you're not sure your machine is clean, get it checked properly. I handle virus and malware removal in St Helens — if something was installed or accessed while a scammer had control, I can find it and sort it.
Mark has been fixing computers since the late '90s and went self-employed in 2008. Based in St Helens since 2013, he works evenings and weekends from his home in Laffak — friendly, affordable repairs for PCs, laptops, and Macs. See reviews on Google
Think you've been scammed? Or had someone on your PC?
If you've let someone remote in, installed dodgy software, or just want your PC checked over — get in touch and I'll have a proper look.
★★★★★"Absolutely fantastic service from Local Computer Guy, I was unable to help my grandparents with their computer issues after an unfortunate issue with a scammer and potential virus being installed on their machine. After a quick call I knew they were in good hands. Arrived on time and quickly wiped the machine and made it safe, also helped investigate what had happened and helped my grandparents get using their computer again."
— Joe Gempton, via Google