What Can Someone Do With Your Phone Number?

Learn how your phone number can become a significant threat when social engineers, cybercriminals take action or back-doors are presented.

Povilas M.

Security Expert

Your phone number seems like a harmless piece of information. Or most of us at least think that there isn’t too much harm in using your phone number during sign-up processes, when filling out profiles, etc. But do you know information that can a phone number reveal about the person it belongs to? It’s a good idea to think about everything that might be associated with it and what can be done with that data or information. With just a bit of social engineering or back-door, simple hacking, cybercriminals can present a significant threat.

Sell your phone number to third parties

Have you ever decided to opt-in or opt-out of something, services, newsletters, etc.? It’s most likely that somewhere along the line, you had to provide your phone number for identification purposes. And what you might not have known was the unannounced sale of this information by the company to third parties without any notice or further explanation after handing over what was requested of you. That’s definitely not in your best interest.

For what reasons? Well, because the company profits from selling these contact lists to marketing agencies, and even spoof callers. They can call you and seem very professional, even knowing your identity, and try to either sell you something via annoying cold calls or outright scam you by trying to lure away money or force you to disclose some private information with them.

Phone number rerouting for scamming

This is a much rarer, but still quite a significant threat. In order to pull this off, a hacker or fraudster should target you personally, meaning they need to have access to a lot of your data, including your phone number. The hacker then contacts your carrier and claims to be you, providing relevant information during the identification process to not raise any alarms with the service.

Once they pass the identification process, they can ask for the reroute, making every call to your number be rerouted to a different phone. That’s enough to hack almost every single account, even with 2FA protection (at least until the original owner notices). Hackers can just reset your password, authenticate via the phone and can really mess with any personal information.

Luckily, more and more carriers have safety toggles for such instances, but it is still worth knowing.

Smishing

You probably heard about phishing, but are you aware of the term Smishing? It’s a form of hacking, falling under the social engineering umbrella as it tries to exploit trust instead of focusing on ingenious programming trickery or forceful hacking.

The term Smishing is the combination of ‘SMS’ and ‘Phishing’. It’s become a lot more prevalent and common in recent years, especially with the emergence of online banking. Hackers and cybercriminals send unsuspecting victims genuine looking spoof SMS messages that can even seem like they came from the bank or their primary financing company. The SMS message contains a link and urges you to take action, usually expressing concern for your data integrity and security.

The bottom line is that banks and all financial institutions in most EU countries or the Western World aren’t sending any links via SMS because of such hacking threats. They can send you encouraging messages and inform you about data breaches, but these SMS’ won’t contain any links.

How can you better protect your phone number?

The best way you can protect yourself is through awareness and knowledge that what you’re doing really matters. It’s like what people say, but the exact opposite – what you don’t know can’t hurt you. As you can see, what you don’t know can and is likely out there to hurt you, either financially or by misuse of information for private interests.

Blocking the suspicious number manually or reporting it to your carrier won’t hurt, but what can help is protecting yourself online and offline by reducing your digital footprint wherever you can:

Never share private info with anyone you don’t trust, phone number included
Don’t click on suspicious links or attachments sent to you via SMS or with your phone
Use strong passwords for all accounts, but especially the ones that are related to what’s critical or personal (linked with a phone number)
Avoid creating accounts associated with your personal phone number on suspicious sites
Enable 2FA for every possible and important service to reduce the risk of fraud

For US carrier customers, and with most EU or responsible phone service providers, you can add further and more sophisticated protection to your account. Secondary security codes, special passwords and passphrases come to mind. For example,

Sprint users can add a PIN for their account
Verizon allows to add a PIN code as well
AT&T has guides on extra security
T-Mobile offers the ability to add in customer passcodes

Conclusion

The Kraden team hopes that after reading you have the right answers to this question. However, what you need to understand is that what others can do with your information – including phone numbers – isn’t limited to what’s listed here. The reality is that they will exploit the personal data you provide for their own interests, whether or not what they do is legal. This is why services like Kraden exist – to help protect your data and to help keep your data truly yours!