EE upgrades Scam Guard with AI fraud protection

EE has upgraded its Scam Guard add-on with new AI-driven features designed to detect and flag potential fraud across calls, messages and web browsing.

The update introduces "AI Triple-Lock" protection powered by Norton, alongside additional tools such as scam analysis, password management and device security.

Available to EE pay monthly customers, Scam Guard is now priced at £2 per month - up from £1 at its launch in 2024.

Illustration: Choose.co.uk

Updated scam protections

EE has updated its Scam Guard add-on with new AI-driven features and increased the price to £2 per month on a rolling 30-day basis.

The update introduces a new "AI Triple-Lock" layer powered by Norton, adding Safe Email, Safe SMS and Safe Web services to identify potentially malicious messages, links and websites.

Safe Email scans incoming messages and flags suspicious content before it is opened. Safe SMS analyses text message content and links for patterns associated with scams, while Safe Web blocks access to suspected fraudulent websites during browsing or online shopping.

Also new is Scam Assistant, which allows customers to upload screenshots of messages, emails, websites or QR codes for analysis. The update adds a password manager, social media monitoring and mobile device security, including malware and ransomware protection, through its Norton partnership, while dark web monitoring continues as part of the existing service.

Scam Guard also continues to include call labelling, which has been part of the product since launch and remains its most visible feature. When an incoming call is flagged, the handset displays either a "Likely Nuisance" or "Suspected Scam" warning before the call is answered. This operates at network level, allowing EE to analyse call patterns - including number spoofing and high-volume dialling activity - in real time rather than relying on data stored on the device.

Unlike call labelling, which appears directly on the incoming call screen, alerts from the AI Triple-Lock features are delivered through the EE Cyber Security app rather than within the email or messaging app itself.

EE states that scam text blocking is already handled at network level for all customers, meaning Scam Guard does not prevent SMS messages from arriving, but instead focuses on analysing and flagging potentially suspicious content.

Call protection is also limited to standard mobile calls carried over EE's network and does not extend to internet-based calling services such as WhatsApp or Microsoft Teams.

The service is priced at £2 per month on a rolling 30-day basis, following increases from £1 at launch in July 2024 and £1.50 in August 2025. Existing Scam Guard customers are being moved to the updated version and new price automatically, with notification provided by text message.

Malcolm Cubitt, Director of Product, Mobile, EE, said, "Fraud in the UK is at a record high, with AI making scams more convincing and harder to detect. As these threats evolve, we continue to adapt as the UK's best network - constantly seeking new and innovative ways to protect and support our customers. This includes leading industry alliances, investing in network-level controls, and employing a dedicated team of security experts. And now with our newly enhanced Scam Guard service, we're providing customers with an even greater level of cyber security protection."

Protection worth paying for?

EE's Scam Guard adds two things: network-level call labelling, and a set of app-based tools that analyse messages, links and websites.

The first, network-level call detection, analyses incoming calls in real time across the EE network using technology from Hiya, a voice security company whose system also powers equivalent features at O2 and Vodafone. Where a call is flagged as suspicious, a "Likely Nuisance" or "Suspected Scam" warning appears before the customer answers. No app is required - the warning appears in the caller ID when the phone rings.

The second layer is a set of on-device tools powered by Norton, covering email inboxes, message links and websites. These operate through the EE Cyber Security app and surface alerts as push notifications, separately from the email or messaging apps the customer already uses.

That difference in how alerts are delivered matters. Call labelling interrupts at the decision point - before the customer answers. The Norton tools notify via a separate app, meaning a push notification about a suspicious message arrives independently and requires the customer to identify what is being flagged. For anyone receiving a high volume of messages, or less confident navigating between apps, that process can add friction compared with the call labelling experience.

Customers should also consider what protection their device already provides. Modern iPhones and Android handsets include built-in spam filtering and, in some cases, call screening - with devices such as those running Google Pixel Call Screen offering particularly capable native call protection. Where these features are already active, some elements of Scam Guard may duplicate existing functionality rather than extend it.

For households or shared accounts, the value calculation changes further. The full suite - Norton tools, dark web monitoring, device security and password management - is available to the account holder only. Additional lines receive call labelling alone, meaning a family of four would need multiple subscriptions to access the full feature set across all users.

The practical question for any EE pay monthly customer is whether Scam Guard adds enough to justify £2 a month - £24 a year - on top of protection that already exists at network level for free.

For most customers, that comes down to two things: the value of call labelling, and whether the additional app-based tools meaningfully add to the protection they already have.

The 30-day rolling contract means there is no long-term commitment. Customers can add the service, assess whether it makes a practical difference, and cancel without penalty if it does not. Given that some of the bundled tools may duplicate protection already present on the device, and that Norton alerts introduce a degree of friction that call labelling does not, it is worth trialling before treating the subscription as a permanent addition to the bill.

Network duty or paid product

Fraud affecting UK mobile customers is at a record high. Cifas recorded 444,000 cases in the National Fraud Database in 2025 - the highest annual total on record and a 6% increase on 2024 - with the surge widely attributed to criminal networks using AI to generate convincing phishing emails, deepfake calls and targeted SMS scams at scale.

Older people and those less confident with technology are disproportionately targeted - the same groups least likely to sign up to, fully understand, or make effective use of a service built around subscription, multiple features and ongoing engagement.

Currently, mobile operators are legally required to do relatively little beyond background filtering. Ofcom's existing framework relies on the persistent misuse regime and voluntary industry measures, with no binding obligation to provide consumer-facing scam alerts or call labelling. That framework is now being tightened: proposals published in October 2025 would require operators to detect and block scam messages in transit, carry out checks on business message senders, and act on scam reports, with a final decision expected in summer 2026.

However, even under those proposals, visible, real-time protections - such as call labelling - remain outside the scope of what would be required - leaving core protections unevenly applied.

Call labelling operates at the same network level across EE, O2 and Vodafone, but is not consistently treated as a standard feature. O2 includes it automatically at no extra cost, while EE and Vodafone bundle it into paid add-ons.

As fraud becomes more widespread and more sophisticated, it becomes harder to justify treating these protections differently across networks. Protections that directly interrupt a scam at the point of risk - such as call labelling or more effective SMS filtering - are not optional enhancements; they are part of how harm is prevented in real time.

Where those capabilities already exist at network level, the expectation increasingly shifts towards them being provided as standard, rather than requiring customers to navigate layered, opt-in products to access protection. It would also ensure that the most effective safeguards reach the customers most at risk, rather than those most willing or able to subscribe.

Paid services can still have a legitimate place above that line, providing optional tools such as device security, password management or identity monitoring. But the separation needs to be clear: core, network-level protections delivered by default, with paid features positioned as optional extras rather than as the primary means of protecting customers from harm.