If hackers have your email address, you’re a potential target for phishing attacks that can deliver ransomware, infostealers, and other malware. Because we’re all online all the time, most people have become more aware of these kinds of cyberthreats.
But did you know your phone number is just as valuable?
In this article, we’ll explain how hackers can find your phone number and use it to scam you. More importantly, we’ll show what you can do to stop them.
What can someone do with your phone number?
Your phone number is deeply embedded in your digital identity. It’s connected to other personally identifiable information, including your address, your banking information, and your medical records. There’s a lot of incentive for bad actors to acquire kind of personal data they can, so that they can keep digging for more. If a hacker finds your phone number, they can use it to target you in a variety of ways.
Phishing attacks and spam
Phishing scams, a form of social engineering, are used to manipulate you into sharing personal information. They can take many forms, including emails, texts, and phone calls.
For example, you may be familiar with phishing scam calls: Someone claiming to represent an insurance company may call you to let you know you’re entitled from a car accident. Or someone claiming to represent your bank claims you need to pass a security check to receive an important message about your account.
Scammers use these tactics to try to steal more personal data from you so that they can steal money or commit identity theft, and they’re extremely common: According to the FBI’s Internet Crime Complaint Center, people reported more than 193,000 phishing attacks(новое окно) in 2024.
SIM-swapping
In a SIM-swapping attack (also known as port-forwarding), scammers contact your phone company to ask them to port your phone number over to a new SIM card. Once the number is registered to their SIM card, they can make calls and send texts from your number, allowing them to contact anyone in your phone book. They can also intercept two-factor authentication SMS codes to gain access to your accounts. That’s why it’s always best to use a 2FA authenticator app rather than SMS.
Your social media profiles, email accounts, and logins for all of your accounts become available if scammers manage to carry out a SIM-swapping attack.
Identity theft
Once a scammer has collected enough of your personal data, they can begin to make purchases, withdraw money from your bank accounts, and apply for loans in your name. This is full identity theft and it’s difficult to recover from: You’ll need to inform your bank and government services, and update potentially hundreds of website logins.
How can someone get your phone number?
Hackers have many methods for finding and exploiting victims, including:
- Data breaches: Bundles of phone numbers are collected by hackers in data breaches and sold on the dark web. Hackers trade and sell personal information so that they can find out how to target you with scams.
- Data brokers: Data brokers can legally sell personal data for marketing purposes.
- Phishing scams: By impersonating a trusted authority such as your bank or a government agency, scammers can convince you to give them personal information.
- Your social media: If you’ve ever shared your phone number online, it’s easy for scammers to dig through your social media profiles, personal or business websites, or message boards to find this information.
Attempts to exploit phone numbers are on the rise around the world. The UK’s Office of Communications (Ofcom) estimates that 82% of adults in the UK(новое окно) had received a suspicious message in the form of a text, recorded message, or phone call to a mobile or landline. So much of our personal information is available online that it’s never been easier for scammers to target victims, and our phone numbers are a vital piece of information to protect.
Protect your phone number from being leaked
The best way to protect your phone number is to be aware of where you’re sharing it. Don’t share it online, and make sure that you don’t give it out to anyone you don’t trust, whether it’s a business or an individual.
Be aware of phishing scams and spam
Unfortunately, phishing and scam attempts are now part of our daily lives. Taking the extra time to verify the identity of someone who’s calling or emailing you is worth it. Never give out personal or financial details on the phone, and if you’re uncomfortable with a phone call you’ve received you can hang up and call the company back using their phone number as listed on their official website.
You can report phishing attempts and scam telephone calls to organizations such as Action Fraud(новое окно) and USAGov(новое окно), which will ultimately help in the fight against scammers. You can also add yourself to the National Do Not Call Registry(новое окно) or the Telephone Preference Service(новое окно), which will opt you out of sales and marketing calls.
Mitigate data breaches with dark web monitoring
If your data appears on the dark web, this gives hackers an opportunity to buy it and begin to target you with scams. Proton Pass, a password manager built to help you manage your online identity, also offers dark web monitoring. You’ll be notified automatically if any of your personal data is compromised, giving you a chance to act quickly. You’ll be able to see what data was compromised and potentially the service that compromised it. You can also see all known breaches that could have affected your accounts in the last two years.
Protect all of your personal data from hackers
There are many ways you can proactively protect your phone number and all of your other personally identifiable data. As a general rule, protecting all of your sensitive information is the best way to prevent being affected by a data breach or getting hacked.
Use hide-my-email aliases to prevent spam
Protecting your passwords seems obvious, and now you know that protecting your phone number is important. But did you know that protecting your email address is just as important? Your email address is your digital passport, attached to nearly all of your online accounts and practically a map of your online behavior and preferences.
To prevent your email address from falling into scammers’ hands, you can use hide-my-email aliases. These aliases are randomly generated email addresses that forward emails to your personal inbox. They mask your personal email address, meaning that if there’s a data breach or your data is sold to a data broker, hackers won’t be able to connect the alias to any of your personal data.
Create secure, varied passwords
The easiest way to protect yourself online is by using an end-to-end encrypted password manager like Proton Pass. Not only can Proton Pass help you create, store, and autofill all of your passwords, it can help you control how much personal data you share online. The built-in password generator makes it easy to use secure, unique passwords for each of your accounts. This makes it much more difficult for hackers to access your accounts, even if they get hold of one of your passwords in a data breach. Having a secure password also protects you from brute-force attacks where hackers can guess your password.
Improve your cybersecurity with two-factor authentication (2FA)
Two-factor authentication (2FA) strengthens the security of your online accounts. Rather than simply using a password, 2FA asks you to also input a one-time password generated in an authenticator app or use a physical security key. This additional identity verification makes it harder for someone to access your accounts, even if you accidentally divulge your password to a hacker. Proton Pass offers a built-in 2FA authenticator to make logging in more secure without compromising on ease.
Protect your phone number and your online identity with Proton Pass
Proton Pass offers multiple tools to help you stay safe online and protect more than just your phone number online. Find out more about the plans we have available and ensure that your phone number doesn’t end up in the wrong hands.
