By clicking a retailer link you consent to third-party cookies that track your onward journey. This enables W? to receive an affiliate commission if you make a purchase, which supports our mission to be the UK's consumer champion.

Revealed: the ways scammers target your mobile phone (from number-spoofing to DVLA fines)

Which? reveals how to spot a fake text and beat the scammers
Reena SewrazSenior Money and Retail editor

Mobile phones are being aggressively targeted by scammers with bogus text, Facebook and WhatsApp messages, according to new Which? research - but could you spot a fake?

Three in ten Which? members received at least one scam message on their mobile in the past six months, with senders posing as trusted organisations like HMRC, the DVLA or TV Licensing or well-known brands like Apple or PayPal.

But despite receiving these messages designed to scare, intimidate or trick victims into handing over information, two in three (66%) chose not to report the attacks.

Here we reveal the most common mobile phone scam tactics, talk to security experts about why they work, what happens when you click on a link in a scam message and how to fight back.

Be more money savvy

free newsletter

Get a firmer grip on your finances with the expert tips in our Money newsletter – it's free weekly.

This newsletter delivers free money-related content, along with other information about Which? Group products and services. Unsubscribe whenever you want. Your data will be processed in accordance with our Privacy policy


Most common mobile scams and tactics

In January 2019, we asked 10,321 Which? members about their experience of mobile scams.

Three in ten told us they had received a suspicious message on their device in the last six months. The most common way fraudsters targeted the victims in our survey was through text messages (25%), followed by Facebook Messenger (5%) and WhatsApp (3%).

The tactics used by fraudsters trying to trick victims into handing over information were varied, ranging from simple too-good-to-be-true giveaways to highly sophisticated cons like 'number spoofing'.

Just under one in four reported receiving a fake HMRC 'tax refund' message typically claiming recipients had been overcharged and money was waiting to be claimed.

Many were targeted with messages designed to scare recipients into taking action such as alerts that someone had hacked a social media account (7%), bank account (8%) or PayPal account (18%).

Worryingly, one in ten in our survey experienced a 'number spoofing' scam which is where a fake message manages to enter a chain of genuine messages from a company you deal with regularly like your bank.This is able to happen because of the way mobile operators group messages and is a major flaw in the system that Which? highlighted last year.

A quarter of respondents told us there were other types of scam message popping up on their screens including bogus friend requests, DVLA refunds, Microsoft account issues, unpaid TV licence fees and phoney WhatsApp updates.

But not all unsolicited messages are scams. A large number of Which? members reported receiving messages about an injury claim from companies they had never contacted. This may be heavy-handed marketing or cold-selling, rather than an attempted fraud. Nonetheless, be wary of any message you don't recognise and avoid clicking links.

How you can spot a mobile scam

Some scams are riddled with typos or implausible claims, but others may slip under the radar.

In our research, we found a number of examples where the sender managed to impersonate a well-known organisation, and in at least one case, knew the recipient's first name.

The gallery below shows some examples of the type of scam texts that are common, so keep an eye out for these common tactics.

Why mobile scams can fool anyone

David Rogers, founder of mobile phone security company Copper Horse, told Which? Money the way we use mobile phones can make us vulnerable.

'You may be busy travelling somewhere or doing something and your reaction to a message or web advert may be entirely different to when you're sat at home concentrating. Criminals rely on this.'

This lower level of concentration combined with the small size of mobile screens can limit our ability to interrogate information fully.

Chester Wisniewski, from security software firm Sophos, explained: 'It is a lot easier to phish people on their phones as they cannot see many of the tell-tale signs of a scam, such as where a link will lead when tapped.

'This lack of context, combined with mobile browsers' default behaviour of hiding the URL bar to provide a larger display area for web pages, leads mobile users to fall victim to attacks at even higher rates than desktop users.'

What happens if you click a scam message link?

If you don't spot a message is a scam, it can have devastating consequences.

In our survey, we heard from members who had lost significant sums through phone and text scams after sending the fraudsters money.

But even if you don't lose money the effects of a scam text or call can still be scary.

One Which? member told us they had received a series of messages after making the mistake of clicking on a link in a scam iPhone text - even though she didn't enter any details.

5 ways to beat the scammers

Here are some tips to help you keep safe against scam texts and calls.

Be careful with your data - criminals can piece together data from a range of sources like what you post online on social media accounts.

Never click on links - you should be wary of the links in unsolicited messaged even if they appear to be from a trusted source at first glance.

Do not reply - never reply to a scam message as fraudsters may put you on a 'sucker' list and you could be bombarded with more scams.

Never share Pins or passwords - you should avoid giving out security details or passwords following an unsolicited call or text message.

Report suspected scams - you might be able to help others by raising the alarm. You can report mobile scams to Action Fraud and your mobile network.

What's being done to tackle scam texts and calls?

Ofcom told us it had introduced new rules which help protect people from nuisance calls, including banning phone companies from charging for caller display a feature which can help victims screen calls.

UK mobile operators have also recently launched SMS PhishGuard, an initiative intended to block spoofing messages.

Banks are able to register and protect their 'sender ID' on a database, allowing mobile networks to block any attempt to send a text from a number that doesn't come from those registered by the bank.

UK Finance, which represents the banking industry, told Which? eight banks have so far signed up.

Which? is calling for all banks wanting to protect customers from fraud to sign up to this new initiative and if successful for it to be expanded beyond the banking industry.

Find out more:how to stop nuisance calls and texts

Original reporting by Ceri Stanaway

More on this

Related articles

About Us

Which? Limited is registered in England and Wales to 2 Marylebone Road, London NW1 4DF, company number 00677665  and is an Introducer Appointed Representative (FRN 610689) of the following:


1. Inspop.com Ltd for the introduction of non-investment motor, home, travel and pet insurance, who are authorised and regulated by the Financial Conduct Authority (FCA) to provide advice and arrange non-investment motor, home, travel and pet insurance products (FRN310635). Inspop.com Ltd is authorised and regulated by the Financial Conduct Authority (FCA) to provide advice and arrange non-investment motor, home, travel and pet insurance products (FRN310635) and is registered in England and Wales to Greyfriars House, Greyfriars Road, Cardiff, South Wales, CF10 3AL, company number 03857130. Confused.com is a trading name of Inspop.com Ltd. 


2. LifeSearch Partners Limited (FRN656479), for the introduction of Pure Protection Contracts and Private Health Insurance, who are authorised and regulated by the FCA to provide advice and arrange Pure Protection Contracts and Private Health Insurance Contracts.  LifeSearch Partners Ltd is registered in England and Wales to 3000a Parkway, Whiteley, Hampshire, PO15 7FX, company number 03412386.


3. HUB Financial Solutions, for the introduction of equity release advice and an annuity comparison service, who are authorised and regulated by the Financial Conduct Authority (‘FCA’) to provide advice and guidance on financial products for those who have retired or are approaching retirement (FCA Firm Reference Number: 455713). HUB Financial Solutions is registered in England and Wales to Enterprise House, Bancroft Road, Reigate, Surrey RH12 7RP, company number 05125701.


4. Alan Boswell Insurance Brokers Ltd (FRN 301), for the introduction of non-investment landlord insurances, who are authorised and regulated by the Financial Conduct Authority to provide advice and arrange insurance contracts. Alan Boswell insurance brokers Ltd is registered in England at Prospect House, Rouen Rd, Norwich NR1 1RE, company number 02591252.


Other financial services:

Mortgage service provided by London & Country Mortgages (L&C), Unit 26 (2.06), Newark Works, 2 Foundry Lane, Bath BA2 3GZ. London & Country are authorised and regulated by the Financial Conduct Authority (registered number: 143002). The FCA does not regulate most Buy to Let mortgages. Your home or property may be repossessed if you do not keep up repayments on your mortgage.


We do not make, nor do we seek to make, any recommendations or personalised advice on financial products or services that are regulated by the FCA, as we’re not regulated or authorised by the FCA to advise you in this way. In some cases, however, we have included links to regulated brands or providers with whom we have a commercial relationship and, if you choose to, you can buy a product from our commercial partners. 


If you go ahead and buy a product using our link, we will receive a commission to help fund our not-for-profit mission and our campaigns work as a champion for the UK consumer. Please note that a link alone does not constitute an endorsement by Which?.