Screen Print Dynamics owner Ian Kikkert says he endured a nightmarish ordeal where he fielded hundreds of angry calls, was forced to cut his phone off and was be left counting the cost of a mangled business reputation. And he did absolutely nothing wrong.

MORE PHONE SCAMS:

Teacher feared $97,000 fine or arrest during ATO scam call

Telcos should stop ‘SIM swap’ scams

The scary part is it could happen to absolutely anyone — even if you have a private number.

“The phones just went totally ballistic,” Mr Kikkert said.

“I don’t know how much business I have lost. Customers were coming in, just to check if we hadn’t gone out of business. Even my Google rating went down because of complaints written on there. It’s devastating.”

Mr Kikkert’s Kippa-Ring business was the target of a sophisticated caller ID “spoofing” scam.

An overseas call centre scam operation had hijacked his easy-to-remember local phone number — (07) 3888 0000 — and had used easy-to-obtain software to make that number show up as the caller ID when a scammer called a local mark. And, according to the advice he received from his telco, there’s nothing he could have done to prevent it.

$1 FOR 28 DAYS: SUBSCRIBE TO QUEST COMMUNITY NEWS & THE COURIER MAIL

Over three days, he said the business received thousands of phone calls from people angry that they’d been called by a scammer.

“If this happens to anyone, I can’t recommend enough to get onto Telstra (or your telco) immediately so they can get the filters in place,” Mr Kikkert said.

“For those people who receive spoof call, don’t punish the poor Australian phone numbers who are tied to the scams.

“I had not idea of spoofing before — I had never even heard of it — but I’ve certainly learnt that if I don’t recognise the phone number that pops up on my mobile — even if it is an Australian number — ignore it, as is quite likely tied to a spoof.

“Calling back can add to the pain of a business or person who has had their number tagged to the call.

And if you get a spam call, watch your manners.

“We were also told that something the spamming guys do is that if you are abusive to them, they will have a vendetta against you and pick your number,” he said.

“We were advised to not be aggressive, just hang up. So don’t be aggressive or abusive to them, or you could risk a similar thing happening to you as it did to us.”

ANATOMY OF A SCAM:

THE SCAM CALL

The caller was convincing, and it’s easy to see why some people fall for the ploy.

I was eating lunch at work when my mobile phone rang. While I don’t usually pick up unknown numbers, the 3888 0000 number seemed somewhat familiar — and, besides, it was local — so I answered the call. I was told that I had recently had a car accident and, lucky me, I was entitled to financial compensation. All I had to do was to provide the caller with my insurance details, and he would do the rest.

This is a common trick, where a scammers use a plausible scenario and use the promise of cash to convince their marks to hand over personal details. On the surface, it looks convincing because the scam has been tailored to local laws. Legitimate telemarketers must have an Australian caller ID displayed, and provide business details when asked. The caller also said the system had flagged me because of a claim I made on my compulsory third-party insurance. Two ticks for legal compliance.

More news by Amanda Horswill

Shocking truth behind land value averages

Divorce? Now there’s an app for that

Buyer beware: Do you know the difference between a path and a road?

FACEBOOK: @NorthBrisbaneCommunityNews

I am on the “do not call register”, and, thankfully, I have not had a car accident recently. So I asked the scammer to provide their company name and address. He said he was from Accident Insurance Claims (CHECK), with a business address of a tall, extremely well-known skyscraper in the city, home to a number of insurance firms. I asked for his name — Frank — and for a phone number of his superior. He gave me the 3888 0000 number. Another tick for legal compliance.

But while he talked, I checked the name of the company and the address in the building. No record. Anywhere.

I got a bit stroppy.

I told him that what he was he was doing was against the law, as he was attempting to obtain personal information from me for the purpose of identity theft. I was pretty cranky. He hung up.

But from what I was about to learn, perhaps I should have been nicer.

VIEW FROM THE OTHER SIDE

What was just an inconvenient and cortisol-spiking interruption to my Vegemite-sandwich eating was a small business nightmare for Mr Kikkert.

When I spoke to him later that day, the only means of contacting him was via Facebook Messenger, and even then it took him some time to call me back. He sounded exhausted. Bewildered. But not beaten. In that typical Aussie style, he was making jokes about his predicament — even though he was extremely worried about his livelihood.

“It was a normal Tuesday morning, doing business, trying to service customers in the region and wider Australia,” he said.

“I get this phone call and it just goes blank. Literally a minute later I get a phone call with someone saying ‘I’ve just been contacted by this number and by this scam’.

“Then I had another phone call 30 seconds later, with someone saying they’d missed a call from this number, but I said, ‘No I didn’t contact you’, and then it dawned on me: My number had been hijacked and used as part of a scam.

“Then the phones just went ballistic. Totally.

“What was happening was that they’d used our phone number as a caller ID, and people were seeing a Queensland number, and then ringing back. Some people would listen (to the scammer) and then ring back to find out more details. Most people would see the number and ring back because they were intrigued because it was an Australian number.

“It got to the point where I had to turn the phone off.

“We moved premises three years ago and I kept the number and diverted it because 3888 0000 is a terrific number and our Kippa-Ring number is not a nice number at all. And it’s on all of our marketing — our business cards, promotional material, the website …

“I was thinking, ‘oh no, we are a small business, how far have they penetrated, did they get into the computer system?’. But I found it was isolated to just the number.

“I called Telstra and they said we could put an international block on that number (coming in to Australia). Basically somehow they had hacked the system (from their country of origin) to get the number to appear. Telstra said to wait 24 hours to see what happens.

“After 24 hours, I came into work and thought ‘this is great’. Everything was quiet.

“But then sure enough, at 9.30-10am, the phone started and it was even worse than the day before. It got so bad that we had angry phone calls coming back to me — three or four a minute. I would pick up the phone to make a business call but there would be someone on the other end calling in, ringing from all over Australia. It was very, very hard. I had to turn my phone off.

“Telstra said they would put the issue through to their onshore specialty team who deals with unwanted calls, and said they’d get back to me within five days, max. If you are a big business, that might be fine, but a small business couldn’t operate like that for five days!

“The only solution, in the immediate time frame, seemed to be to disconnect the diversion, operate from the local phone number that no one knows, and advise my customers accordingly.

“It took another six hours for the disconnection. And then the next afternoon, it was finally done, and I turned my phone on — and silence. Thank goodness.”

But the damage was done. His number is now listed on many online scam call lists, and his Google business rating went down due to scam marks downgrading their star rating with grumpy comments.

“I though I’d go to the police — not that they could do anything. I went to the local Redcliffe police station … and they said go to ACORN (the Australian Cybercrime Online Reporting Network). I called ACORN … They said it was called ‘spoofing’, that it’s nothing that we did, we were just unlucky.

They said it’s not their jurisdiction, and to go to the local police station.”

Acorn sent this email to Mr Kikkert:

Thank you for lodging your report with ACORN. Please be advised that your complaint has been assessed by the Queensland Police Service (‘QPS’).

What has occurred to your phone number is “spoofing”.

Telephone spoofing, also known as caller ID spoofing or neighbour spoofing, is the act of making a phone call appear as if it is coming from a different number on a caller ID. The reasons for doing this is to disguise the true caller’s location and it is more likely that people will accept a call from a number that appears to be a local number.

There are various methods to this, such as configuring the settings of a VOIP provider. There is easily available technology that allows your phone calls to appear as if they are coming from another number. Numbers are selected at random, you are not being specifically targeted.

It is recommended to lodge a complaint with your telecommunications provider.

Unfortunately your complaint does not fall under the current ACORN guidelines. This type of scam is classed as a “Cold Call” not a “Cybercrime”. We are unable to take your complaint.

It is recommended to attend your local Police Station with this email to lodge a complainant.

Mr Kikkert said he felt very unlucky.

“Yes, it was an absolutely stressful time,” he said.

“At least, though, we were able to disconnect the number and at least move on because we are semi-savvy with computer stuff.

“A lot of vulnerable people have been targeted,” Mr Kikkert said. “I can’t imagine what would happen if an elderly person was targeted this way.

“We were also told that something the spamming guys do is that if you are abusive to them, they will have a vendetta against you and pick your number. We were advised to not be aggressive, just hang up. So don’t be aggressive or abusive to them, or you could risk a similar thing happening to you as it did to us.”

ALL’S WELL THAT ENDS WELL …

Mr Kikkert said Telstra had managed to put a block on calls coming into Australia with his number as the caller ID tag. The scammers usually abandon the number once that has happened.

But, he’s still worried.

“We work very hard here as a shirt decoration company servicing customers all over the country,” he said. “We have had our digital reputation tarnished. I can’t control that — what’s written on Google review. I don’t know how much the business has lost. This could cost thousands of dollars if we have to get a new number and redo our marketing and get new business cards and brochures

“I’m still not sure if I trust the 3888 0000 number. We have had customers drop in, saying ‘We’ve been trying to call you but were frustrated because there was a phone disconnection message’. I’ve had to tell them of the situation.

“I think from a (government) policy point of view, this is an interesting case, too. The fact that I was sent between Federal and State Police, obviously they do their best but this seems to slip in between the gap. I do wonder if telcos could act like banks and monitor call activity like banks do with credit cards fraud. Banks know when there’s a fraudulent transaction in a strange location. Surely there must be some easy way of monitoring if all of a sudden there is a phone number that is going wild beyond normal level of calls all of a sudden. Telcos could be more proactive and jump on that straight away. It took two full days for (a result).”

So, did Mr Kikkert antagonise a scammer by being rude on a previous call?

“I have received lots of scam calls in the past: I have an ATO bill that needs payment now and I can pay with bitcoin or iPhone vouchers. I tend just to hang up on most of these. I know it’s purely random.”

Meanwhile, Mr Kikkert said it’s business as usual. Calls to the 07 3888 0000 are now being answered.

“After three days of the spoof impacting us, Telstra put a filter throughout the national exchange blocking any external international calls that had a tag associated with our business number. Once the filter propagated throughout the network, we gave it another 24 hours and then reconnected our business phone number.

“In the following few days, we only received a few stray calls, and then we haven’t had any spoof calls since. So thankfully back to normal now. The experience quite literally took our business off line for 3-5 days, which certainly had an impact, but thankfully we jumped on it immediately so the impact was minimised.

“If this happens to anyone, I can’t recommend enough to get onto Telstra immediately so they can get the filters in place. And also, for those people who receive spoof call, don’t punish the poor Australian phone numbers who are tied to the scams. I had not idea of spoofing before (had never even heard of it), but I’ve certainly learnt that if I don’t recognise the phone number that pops up on my mobile (even if it is an Australian number), ignore it, as is quite likely tied to a spoof — calling back can add to the pain of a business or person who has had their number tagged to the call.”

.

Telstra and ACCC’s ScamWatch has been contacted to comment on this story, which will be updated when they arrive.