How one unsolicited phone call in Australia ended up in Amsterdam.
It all started with a phone call.
One. Simple. Phone. Call.
An innocent one too.
As the world’s technology evolves, it gets harder and harder to keep things simple. But if we do find a way to simpler times, there’s always someone who decides to ruin it all for everyone. In this case, the good thing is having a mobile phone. The bad thing is unwarranted calls and text messages.
In the 20th century, telemarketing calls would be limited to the household landline phone. Now, mobile phones have molded into smart phones, text messaging became a standard way of communication, the landline disintegrated for ADSL / NBN / Wireless, and Voice over Internet Protocol (VoIP) programs are the norm. With this, telemarketers have moved to mobile numbers, and spam texts have increased, especially with dodgy links with claims of representing your local supermarket where you have won a gift card. Most of the time there is a hyperlink attached which tries to convince you to click through to ‘claim your prize’ or ‘log in and update your details’.
In cases, it’s a purely innocent message you received because about 8 years ago, you registered your number to a company when you filled out a form for an online competition or a lottery in the shopping centre that was giving away a new car / million dollar home, and didn’t fully check the terms and conditions. Then they may have sold their database of names and phone numbers to a data supplier, who have sold on that database onto other companies, and so on. It’s an ongoing cycle that runs pretty deep. Usually the text message gives you a ‘way out’ by saying “Text STOP to Unsubscribe”, or “Text UNSUBSCRIBE to Stop”, but all you’re doing is contributing more to their database, saying your number is active.
You could buy a new SIM card and change your number as new SIMs are a dollar a dozen these days, but you then will have to update all your registered information, tell your friends and family of your new number, and other things that you have your number associated with. But it’s harder to do such a thing if you rely on your mobile number for a business or primary form of contact, and you need to answer every call – because there is a 50 / 50 chance it’s either a client or a telemarketer. There are applications you can download onto your phone for free that help filter out spam calls and texts, and for a small fee, you can subscribe to their database that’s constantly updated with submissions from the general public. It’s a decent preventative measure, but it won’t completely stop the traffic.
I took a step further.
I have had the same mobile number for more than 17 years. It’s only in the last couple of years, I have had an increase in text and phone call spam. Most of the unsolicited calls came from a web hosting provider, who sold my details on to other companies as I had just registered a domain name for a side project. Within 30 minutes of it registering, the calls started. I guess it’s partially my fault for not paying premium on privacy, but that should be a default thing in today’s consumerism as it’s generally bad business practise (GoDaddy, I’m looking at you…). I usually do what every other person does when they get an unwarranted call:
- Do not answer unknown Caller ID,
- Give them little detail when they ask who you are,
- Be polite,
- Be abusive,
- Say “No”,
- Hang up.
But lately I have been putting a spin on these calls, depending on my mood. In most cases, when I received a call asking for “Matt”, I put on a “radio” voice, say my name is “Johnno” and tell them that they are “On the air”. If you treat the call that it is ‘recording’ and they are being broadcast everywhere, they tend to hang up. Just get creative, but make sure you never reveal any personal details and never say “Yes”, as some scam callers could record you saying that word and use it in voice-prompted bank phone calls to impersonate you.
But on July 12, 2018, my spam calls and text messages started to change.
Out of nowhere, my name changed from my actual name “Matt”, to “Neil”. I couldn’t work out why. I felt like I was losing my identity as these personal spam texts and calls weren’t really asking for me. Originally I thought I had become a victim of a phone number hijack – where spammers mask their details with your phone number and call other people. I stopped answering unknown phone calls for a week or so, until I accidentally answered one, as the phone number said it was coming from my suburb.
“Hello, is Neil there?” said the lady on the other end of the line.
“No… this is Johnno…” I quickly replied – even though my name is not ‘Johnno’ – “How did you get this number?”
“Oh, are you sure? I am calling from the Surf Life Saving Foundation, and I was wondering if you wish to donate to the… – ” I cut her off.
“No, my name’s Johnno.” I firmly said.
“Oh – okay. So you’re not Neil <retracted> ?” Said the lady again, slightly confused.
“No, definitely not. But how did you get this number?” I quizzed.
“Your number is on our database which you supplied to us.” The lady said, sounding a little worried as I was pushing back.
“I definitely did not. I have had this number for 17 years, and I have not had any contact with giving Surf Life Saving my mobile number. No permission whatsoever.” I reassured her. Don’t get me wrong – the Surf Life Saving Foundation is a fantastic non-profit organisation that helps save lives and patrols public beaches. All the more to raise money or donate to them.
“Oh my – I am sorry to disturb you.” She said, a little stunned.
After the phone call ended, I pondered for a moment. Why did she call me Neil? I needed to find out.
I called back the displayed number, which after a few phone rings, went to a voicemail service. The voicemail explained that the phone represented the Foundation, and the call came from “Thomas Direct” – a Brisbane suburb based non-for-profit telefundraising company. After a Google search, they are a legitimate business who rely on making calls for charity organisations. So many of these non-for-profits tend to suffer the burn of the spam call.
I called Thomas Direct and after explaining the situation to the switchboard, I was transferred to a Senior Supervisor to get more answers. After some probing, it turned out that my number definitely was associated with this “Neil” person on a database, but centralised to one charity only, as Thomas Direct handles more than one charity at a time. I asked where this database with my number came from, which they could not answer straight away as they needed to do some more research and would call me back.
30 minutes later, the phone call came back from Thomas Direct – the database was generated and bought from “Cohort Digital”.
Actually named Cohort Global, this is a large data company providing permission based marketing services and sales to businesses from consumers who have given consent to be contacted. You know those online competitions and surveys you fill out and down the bottom of the form there is that box that if you tick or untick, you give consent for contact, before you hit the submit button? Kind of like that. But it’s down to you – the consumer – to submit those details and give permission.
Cohort appear to be a highly reputable company, with offices based in Sydney, London, and New York. Upon their contact form on the Cohort site, there is a simple online form to fill out. But I wanted a phone number. Someone human to chat to and find out how they got my number and how my name changed to “Neil”. Who is NEIL??!!
Not long after I called, I received another spam text – addressed to “Neil” – and this time, with a friend “J”. What the fuck is going on?
A couple of days later, I received a phone call from … let’s call her – “Carol” – from Cohort’s Consumer Care. After an explanation to Carol on what I was trying to find out, Carol apologised for the inconvenience and submitted my phone number and “Neil <retracted>” into the system in order to remove from their database and their clients. But I had to find out – how did they get my phone number into their system in the first place?
After sharing my own personal details to differentiate myself from “Neil”, it turns out that “Neil” had filled out an online quiz. (SHOCK HORROR!) This quiz, in particular, is called a ‘Quiztionnaire’, where you enter your name, address, e-mail and phone number in order to win a prize or receive a final result for a quiz you filled out. In this case, “Neil” had filled out their details, and either typed in his mobile number and made a typo – making it mine – or randomly typed in a mobile number that just happened to be mine. I also discovered what suburb “Neil” was potentially located in, since my privacy had already been violated. After a satisfactory chat with Carol, I hung up, confident that I will nor receive any spam texts or calls anymore.
Gee – thanks Neil! More spam texts. This time, the spam is representing “Australia Post” with a dodgy link disguised as a shortcut, or an abbreviated link. I highlighted the link without directly opening, which showed a preview of the full domain link. I then headed to a site by MailChimp called Unfurlr, which opens what is on the other side of abbreviated links, including the coding and other details, without actually going to the website. I noticed that if I had opened the “zm4” link in the text message, it would have diverted to a dodgy site made to look like the business it is claiming to be, along with the full name, suburb and phone number associated with the link – which confirms to the scammer that the details are active.
So this “Quiztionnaire” has become really annoying. I was curious to see what this “Neil” has filled out. I searched for this mysterious site – and I found it. I won’t hyperlink it, but you’ll get the idea.
“Neil” wanted a free iPhone 7 through the internet! ARGH! You have a better chance getting struck by lightning than winning one of these – even if there is an iPhone ready to be given away. I had a look at the fine print:
Basically it says that if you submit your details, you consent to them selling AND sending them on to their clients around the world, for indefinite usage to contact you via mail, phone, SMS / MMS or e-mail and incorporating your details in any information products they own until you request to cease it. But what are the odds of you stopping them doing that?
At the very end of the disclaimer, the name of the company who created the ‘Quiztionnaire’ is revealed – QubiQ Digital B.V.
I contacted Carol at Cohort again wanting more information, like if QubiQ Digital B.V. were behind the “Quiztionnaire” they used to obtain data. With a positive confirmation, I also found out that “Neil” had filled out the Quiztionnaire on July 12, 2018. Which explains that not long after that date, I started to be called “Neil” in my texts. I was also informed by Carol that they take their privacy and data seriously, and provided me with government websites that I could submit any future spam texts and phone calls I receive that may appear to be suspicious.
QubiQ Digital – I’m coming for you.
This next step gets weird. QubiQ goes a little grey when it comes to contact information and location. At first glance, I find that they are based in Amsterdam or possibly London. The actual QubiQ website at the time had an online contact form, e-mail address and physical location located in Amsterdam – but no phone number.
The information I found on a London connection showed a possible association with another marketing company called MMR Group. I contacted MMR about my situation, and after some back-and-forth e-mails and helpful assistance, it turns out that QubiQ dissolved into MMR over 7 years ago, and this wasn’t the company I was after.
So, what’s the go with the Amsterdam connection?
With a few deep clicks into Google, Facebook and LinkedIn, I tracked down a few names that claim association with QubiQ Digital B.V. I sent a private message via LinkedIn to management explaining that they may have my details under someone else’s name on file and I wish to speak to them. I waited a day or two and did not receive a response. I re-scanned my notes and realised that I never asked Cohort for the direct contact information they had for QubiQ. So a swift e-mail later, I received the address of their contact.
It was the same person I had found on LinkedIn. I knew I was heading the right direction now. But I wanted a phone number. I wanted to verbally chat to the person who had a connection with the site that was selling data to people who were silly enough to enter it – purely to try and win something that they or may not actually get. After a few more clicks, I eventually found domain names that are associated with QubiQ Digital .B.V. – so I gave the ol’ “Whois” trick a go to see if their business details come up in the domain registry. All of them were hidden, until I found a singular domain e-mail address that matched the domain in the contact from Cohort, and it had a contact phone number. So I made a note of it, just in case.
I e-mailed the contact and explained (for the upteenth time) my situation – that someone filled out their “Quiztionnaire” with someone else’s name, address but used my mobile number, and asked for a removal. A few hours later, I received a response:
I wasn’t going to send my identification as it was not going to match “Neil”. But after some correspondence about my mobile number:
Woo Hoo! Victory is mine!
Until a week later, when I received another text.
For fuck’s sake… all that time and effort.
I sent QubiQ an e-mail again saying I’m still receiving text messages and requested a list of data sharing partners that would have my number on file. I’ll keep fighting this – I’m that far in.
At the time of writing this, it’s been a month. I didn’t get a response back from my e-mail. But the spam text and calls have stopped. For now. The original QubiQ site that had Amsterdam details have now changed to London (not associated with MMR) and a complete design makeover. The Quiztionnaire site is still available to access, but now gets this alert in Google Chrome browser:
As for “Neil”, I looked up the details I had on file, and found that “Neil <retracted>” of “<Suburb and State retracted>” may own a small business, which contains their phone number. I went to pick up the phone and make a call to have a polite chat.
I hung up after dialling the first digit.
I hope you win your iPhone 7, buddy. Hope you chose Jet Black.