If hackers have your business email address, you’re a potential target for phishing attacks that can deliver ransomware, infostealers, and other malware. Because we’re all online all the time, most people have become more aware of these kinds of cyberthreats.

But did you know your business phone number is just as valuable?

In this article, we’ll explain how hackers can find your phone number and use it to scam you. More importantly, we’ll show what you can do to stop them – including how a business password manager closes off some of the easiest entry points.

What can someone do with your phone number?

Your business phone number is deeply embedded in your digital identity. It’s connected to other personally identifiable information, including your company address and your organization’s banking information. There’s a lot of incentive for bad actors to acquire that kind of sensitive data they can, so that they can keep digging for more. If a hacker finds your business phone number, they can use it to target you in a variety of ways.

Phishing attacks and spam

Phishing scams, a form of social engineering, are used to manipulate you into letting a scammer into your systems. 

For example, you may be familiar with the phishing scam calls that happen to people every day: Someone claiming to represent an insurance company may call you to let you know you’re entitled from a car accident. Or someone claiming to represent your bank asks you to pass a security check to receive an important message about your account.

In a business context, scammers can do the same by acting as a vendor, contractor, or senior executive to steal sensitive data from you, like bank account and routing details, organization structures, or the personally identifiable information that belong to your customers or employees.

When this happens over a call, it’s called vishing. SMS phishing is called smishing.

SIM-swapping

If your business phone number is on a mobile line, a scammer can contact your phone company to ask them to port your phone number over to a new SIM card. Once the number is registered to their SIM card, they can intercept SMS-based 2FA codes and take over any account tied to that number. Many businesses bypass the need for phone-based verification by using a 2FA authenticator app.

Caller ID spoofing

This is what identity theft looks like in a business context. Scammers don’t need to have access to your SIM at all to pretend to be your business. Because VoIP providers let the caller set an arbitrary Caller ID field when placing a call. Free or low-cost spoofing services allow anyone to input a number of their choosing to display. Once someone can convincingly impersonate that credential, they can act as you without ever compromising your actual accounts or devices. A single spoofed call can affect your relationship with vendors and clients because while they think they’re trusting your business, they’re letting an attacker in.

How can someone get your phone number?

Hackers have many methods for finding and exploiting victims, including:

  • Data breaches: Bundles of phone numbers are collected by hackers in data breaches and sold on the dark web. Hackers trade and sell personal information so that they can find out how to target you with scams.
  • Data brokers: Data brokers can legally sell personal data for marketing purposes.
  • Phishing scams: By impersonating a trusted authority such as your bank or a government agency, scammers can convince you to give them personal information.
  • Your social media: If you’ve ever shared your phone number online, it’s easy for scammers to dig through your social media profiles, personal or business websites, or message boards to find this information.

So much critical business information is available online, it’s never been easier for scammers to target victims, and our phone numbers are a vital piece of information to protect.

Protect your phone number from being leaked

Unfortunately, phishing and scam attempts are now part of our daily lives. Taking the extra time to verify the identity of someone who’s calling or emailing you is worth it. Never give out personal or financial details on the phone.

To reduce unsolicited calls to business lines, register with your country’s equivalent of the National Do Not Call Registry in the US or the Corporate Telephone Preference Service in the UK rather than the standard consumer opt-out lists, which don’t apply to business numbers.

Mitigate data breaches with dark web monitoring

If your business data appears on the dark web, hackers have an opportunity to buy it and begin to target you with scams. Proton Pass, a password manager built to help you manage your online identity, also offers dark web monitoring. You’ll be notified automatically if any of your personal data is compromised, giving you a chance to act quickly. You’ll be able to see what data was compromised and potentially the service that compromised it. You can also see all known breaches that could have affected your accounts in the last two years.

Use hide-my-email aliases to prevent spam

Protecting your business passwords seems obvious, and now you know that protecting your phone number is important. But did you know that protecting your email address is just as important? Your email address is your organization’s front door, connected to every account, tool, and vendor that keeps your business running.

To prevent your business email address from falling into scammers’ hands, you can use hide-my-email aliases. These aliases are randomly generated email addresses that forward emails to your main inbox. They mask your email address, so if there’s a data breach or your data is sold to a data broker, hackers won’t be able to connect the alias to any of your personal data.

Create secure, varied passwords

The easiest way to protect your business online is by using an end-to-end encrypted password manager like Proton Pass. Not only can Proton Pass help you create, store, and autofill all of your passwords, it can help you control how much personal data you share online. The built-in password generator makes it easy to use secure, unique passwords for each of your accounts. This makes it much more difficult for hackers to access your accounts, even if they get hold of one of your passwords in a data breach. Having a secure password also protects you from brute-force attacks where hackers can guess your password.

Improve your cybersecurity with two-factor authentication (2FA)

Two-factor authentication (2FA) strengthens the security of your online accounts. Rather than simply using a password, 2FA asks you to also input a one-time password generated in an authenticator app or use a physical security key. This additional identity verification makes it harder for someone to access your accounts, even if you accidentally divulge your password to a hacker. Proton Pass offers a built-in 2FA authenticator making it easy to roll out strong authentication across your team without adding friction to daily logins.

Protect your phone number and your online identity with Proton Pass

Proton Pass offers multiple tools to help you stay safe online and protect more than just your phone number online. Find out more about the plans we have available and ensure that your phone number doesn’t end up in the wrong hands.