By Rafael Garrido, Chief Information Security Officer, Lifelines Neuro
We can all agree that a phone number is an easy “thing” for anyone to find, but did you know that it can be used to unlock data about you? In fact, it is incredibly easy and profitable, that’s why hackers and scammers do it. Let’s take a close look at some of the common ways your number might be used and what you could do to better protect yourself.
Simply go to any people search site (WhoEasy, Whitepages, Fast People Search) and type in a phone number to reveal someone’s personal information in less than a few seconds. How? Well, these sites purchase personal information and then sell it to those who want your data. The information found through these sites can include: home address, bankruptcies, criminal records, and family member’s names and addresses, email address, etc. This data that can be used for blackmail, stalking, or identity theft.
Sim swapping is a bit more involved, but not impossible. Basically, a hacker contacts the mobile carrier (which they can get for free by data mining), and claims to be you. If successful, they can assign a new SIM to your phone number, allowing them to route calls and texts to a physical cell phone they control. From there, they could log into your email account. Of course, they would need your password, but they can just click “Forgot your password” and get the reset link sent to “their” phone (which now uses your number). Once on your email account, it’s easy to gain access to other accounts by simply requesting a password reset from other services. Luckily, cell providers have security features to prevent scammers from switching SIM on a number. However, if they are able to find enough information about you, they may be able to answer security questions. Pro-tip: check with your cell provider to see if they offer a security pin, if they do – you may want to think about setting one up.
Spoofing occurs when someone makes your phone number pop up on a caller ID when it really isn’t you that’s making the call. The goal is to trick someone else into answering the phone. When they pick up, they have a chance to trick them into whatever scheme they’ve come up with, like tricking them to give them their credit card information. Sadly, It doesn’t take much to spoof a phone number. There are apps and websites that allow scammers to simply type in a phone number and make a call. It’s super easy and quick, which makes it appealing to scammers.
Texting Scams or “Smishing”
This type of scam is called “smishing,” In these texts, they send links that when clicked, can infect a phone with malware with the intent to steal personal information. Sometimes, they simply attempt to scam someone by pretending to be their bank, the IRS, or their doctor. The goal is to pose as someone you trust, to trick you into giving them personal information, credit card numbers, etc.
What can you do to better protect yourself?
- Try to limit giving your phone number to friends and family. For anything else, get a virtual number that can forward calls to your phone. This minimizes the chances that anyone will have your real number; which is linked to your personal information. How? You can set up a virtual number for free through Google Voice.
- Don’t click on links sent to you in text messages, even if they were sent from a trusted contact. If your bank, credit card company, doctor, or service you use contacts you through text, call them using a verified number from their website to confirm; avoiding malware or scams.
- Ask your mobile carrier to add an extra layer of security like a password or PIN number to your account.
These three simple steps will only go so far to help you safeguard your personal information. Our personal data is likely already in many people-search sites. While you can send these sites requests to remove your information, it’s a huge task. You may not be able to completely prevent someone from getting access to your phone number; but knowing what they could do with it can help you avoid scams and protect your information from being more widely spread.
This information was brought to you by Lifelines Neuro’s Chief Information Security Officer, Rafael Garrido.