Although it sounded like I was plugging giffgaff over EE, I was actually using it to think through the various ways in which a scam like this might be spotted. It is so easy to be caught out when you aren't trying to spot a scam, and the scammers have been careful to set this one up so that people will respond without checking first.
It ticks so many boxes - accident, hospital (don't ring as calls might not be allowed), daughter's name (but not the daughter's phone number, so relying on the daughter's number not being stored on Mum's phone). Blaming overdue premium rate incoming text charges for eating the first topup, is a master stroke!
I think that EE used to allow customers to topup another number, like giffgaff does. (Can't check as EE broke my Orange account so it has been impossible for me to log in for several years.)
Just a thought - if the scammer's number wasn't an EE number, they wouldn't have been able to use the voucher on that phone. They probably used the vouchers on other phones. I don't know whether it is possible for the voucher company to trace which phone the voucher was used on?
It is possible for the outgoing number to be spoofed on texts, as is demonstrated by the fault when someone uses a PAC to transfer their number into giffgaff for their iPhone. The texts from the new number still appear to be from the old number, until iMessage has been reset. If this can happen by accident, it is probably easy for a hacker to do it deliberately.
There is a TrueCaller app that might help in recognising scams, as it displays the identity of callers even if they are not in the phone's contact list (looks them up on the internet, and recognises known scammers). They also do TrueMessenger for texts.
There are so many data breaches now, that it is probably quite easy for two sets of stolen data to be matched up to get a first name and the mobile number of a relative (or person at the same address), which is all that was needed for this scam.