I recently had a couple of…well…strange calls from people apparently returning a missed call from me. They were people unknown to me, their numbers didn’t appear in my outgoing calls list, and both were based in Ireland.
I thought it was odd, apologised to them, advised I hadn’t attempted to call them but thanked them for letting me know. It was already the weekend so I decided it could wait until Monday and I would give my telephone provider a call.
Things came to a head when I received a call on the Sunday from a cross-sounding gentleman, demanding to know who I was 😳
It appears a 3rd party had withdrawn funds from his bank account without his authorisation, and when he checked the transaction details it came up with my telephone number and address! Thankfully the amount was minimal, but in such cases fraudsters will often withdraw a small amount that can be easily missed by the account holder, in order to verify the account details to attempt a much larger transaction. He was on the ball and rather than ignoring it contacted his bank immediately.
I confirmed the business name used to withdraw the funds was not mine and he very helpfully sent me screenshot of the offending transaction, which included a Google map of my address.
I promptly contacted Action Fraud and raised a fraud report, but my nice, relaxing Sunday turned into a day of phone calls, emails, and updating my website and socials to advise anyone coming across my legitimate business as a result of a ‘missed call’ that wasn’t really a missed call to check their bank accounts ASAP and raise a report with their bank if there were any transactions they didn’t recognise.
So, what is ‘spoofing’?
Apparently that’s what it’s called when a cyber criminal falsifies the Caller ID details they use to contact a potential victim, often through VOIP. Since spoofed calls can originate from other countries, the laws in the receiver's country may not apply to the caller. This limits laws' effectiveness against the use of spoofed caller ID information to further a scam.
My telephone provider were apologetic, but said there was nothing they could do apart from arrange to change my number. That’s the telephone number I’ve had for over 20 years. The number I use for business purposes that is included on all my documents, marketing and promo items, that all my clients past and present have, and is linked to all of my business accounts and subscriptions. I can’t even imagine the time and money it would cost me to change everything for the sake of 11 digits.
They also suggested I register with the TPS. That’s a really helpful suggestion, or it would be if I was the person receiving the spam calls.
The oddest suggestion was to report it to Trading Standards. I’m not sure how they think Trading Standards can help – I don’t know who is carrying out the scam, the transaction used a business name that could also have been spoofed (and even if it’s an actual business, a quick Google search shows a number of businesses using that name), and as I’m not the ‘mark’ in this scam, I haven’t actually lost anything.
Next Steps
I’m pleased to say I’ve had no further incidents – no more ‘returned’ calls, no more claims of attempted fraud, and no unusual activity on any of my own accounts. So that’s it, right? I can sit back and be thankful it wasn’t worse?
The short answer is no!
I’ve since spent time checking my passwords are secure, that I have two-factor authentication (2FA) in place where available, and that my operating system, firewall and spam protection are all up to date with any of the latest downloads and patches.
I’ve also done an additional system back-up and email clean up – these are things I do regularly anyway, but I wanted to be sure there was nothing untoward sitting my spam folder.
I did receive a missed call myself just a few days ago. When I called back, the person I spoke to insisted they hadn’t called anyone 😮. I was immediately put on alert, and explained ‘spoofing’ to him, describing my own experience and what further action he should take. He was very thankful for the information, and I’ve heard nothing since, so fingers crossed that was another attempt foiled.
What can you do to avoid spam or fraudulent calls?
Turn on the caller ID and spam protection setting on your phone.
Register with TPS – yes I know I said it wasn’t helpful in this instance, but that’s only because I wasn’t getting the dodgy calls. It’s still worth doing, and while it won’t stop all the calls it certainly reduces the number. You can register your landline and mobile numbers.
Block international calls – obviously don’t do this if you have regular overseas clients who want to call you, but personally any clients of mine contacting me from outside of the UK tend to use WhatsApp via WiFi.
When you sign up to new websites, or complete applications, untick the checkbox asking if you want your details to be shared with 3rd parties.
Implement two-factor or multi-factor authentication where available. This isn’t going to protect you from spam calls, but fraudsters using spoofing techniques are also likely to be involved in other fraudulent activities – in my case my number was spoofed by a fraudster attempting to access someone’s bank account, so it’s worth implementing all available security measures.
As a potential victim of fraud, it’s also worth setting up alerts on your banking app. I receive a notification each time funds leave my account, and while it’s occasionally annoying (yes I know I’ve just been on a spending spree!) it’s reassuring to be able to confirm they are all genuine, or to quickly log on to the account to double check.
Remember: stay vigilant and be fraud aware – you never know when it may happen to you.
For more information on identifying, preventing and reporting cyber crime, visit Action Fraud: https://www.actionfraud.police.uk/
Comments