You may not worry much about potential fraud when you provide your cellphone number while shopping online, checking out at retail or grocery registers or adding it to online account profiles. It might even seem sensible to include your phone number in a “for sale” ad on Facebook, Craigslist or another online marketplace.
But did you know that when criminals obtain or gain control of your cellphone number, they could potentially steal personal information and passwords and perpetrate frauds that victimize others? They may also be able to download malware or spyware onto your phone and other mobile devices.
As if that’s not scary enough, no matter how careful you are about giving out your cellphone number, chances are that it’s already out there for plenty of eyes to see.
“We create so much data about ourselves because of our online usage,” says Eva Velasquez, president and CEO of the Identity Theft Resource Center (ITRC), a nonprofit organization that assists consumers and victims of identity theft crimes at no cost. “When you add social media into the mix, we create all kinds of information about ourselves that we’re making, for the most part, publicly available.”
Frequent data breaches among businesses, financial institutions and organizations can also land your phone number, along with other personal data used for identity theft, in the hands of criminals. And your cellphone number is probably already for sale at people-finding websites that sell information like your address, birthdate and other data about you.
Curious about the things that scammers can do with your cellphone number? Read on for some of the most common ways criminals can use your phone number for scams, fraud and identity theft.
1. Scam phone calls
Once your phone number is out there, scam calls can come rolling in with any number of tricks, threats and lies. For example, someone claiming to be “tech support” at Amazon may call to tell you that your account has been compromised. Then the scammer asks for your account password and other personal information that could be used for identity theft purposes so they can “fix” the issue.
Or a scammer impersonating a Social Security agent might tell you that your Social Security number will be suspended unless you call in to provide and verify the number.
“Spam or scam phone calls are a line of interaction and engagement with you — and the more that you’re being bombarded, that increases your risk,” says Velasquez. “If you get a hundred spam or scam phone calls per month, odds are that they’re going to catch you with some kind of story or scheme that is going to resonate with you.”
To help protect against scam calls, don’t answer calls from numbers you don’t recognize. Also, keep in mind that most government agencies won’t make unsolicited calls. They’ll send a letter or notice and only contact you via text or email if you’ve given permission to receive notifications and updates.
2. SIM swapping and port-out scams
Criminals can also take control of your phone number with a scam called SIM swapping. A SIM (subscriber identity module) is the chip-enabled card in your phone that connects with your network to make calls and use data.
With this scam, the fraudster contacts your mobile carrier and convinces the agent that they are you, maybe telling the representative that “you” have a new phone and need to port your number to the new device. With a SIM swap, the scammer now has complete control of your cellphone account, allowing them to perpetrate multiple frauds.
When that happens, “they can do anything that you would be able to do on that account,” says Velasquez. “They can make calls, purchase hardware, get you set up on a plan and have the hardware shipped to them.” Then you end up with those charges on your phone bill.
To help protect yourself from SIM swapping, set up additional identity verification methods such as a PIN or additional password. “Contact your carrier, ask them what extra protections you can add and take advantage of those,” recommends Velasquez.
3. Take over financial accounts
Your cellphone number is the “key to your most important financial accounts” since banks, businesses and payment services often send text messages to verify your identity when you make account updates, according to the Federal Communications Commission (FCC).
“The scammer [who has your phone number] can gain control over the victim’s private texts and calls and may try to reset credentials for the victim’s financial data and social media accounts,” according to the FCC. “If successful, the scammer can drain the victim’s bank accounts and sell or ransom their social media data.”
The FCC recommends adding an additional password or PIN if you don’t have one to verify your identity. Also, be on the lookout for suspicious transactions or updates.
“Enable both email and text notifications for financial and other important accounts,” says the FCC. “If you receive notice that changes to your account have been made without your knowledge, contact the business holding that account immediately to let them know that you didn’t authorize a change.”
4. Phone number spoofing
Scammers use special software to “spoof” phone numbers they don’t actually own so the number appears on the recipient’s caller ID screen. This way, they can trick their victims into believing they’re from a legitimate business, government agency or another organization.
The motive: to gain access to your sensitive, personal information so they can use it for identity theft or other forms of fraud, including tricking unsuspecting victims out of their money or personal information.
“If you get calls from people saying your number is showing up on their caller ID, it’s likely that your number has been spoofed,” according to the FCC, which warns against answering calls from unknown numbers.
“If you do, explain that your telephone number is being spoofed and that you did not actually make any calls. You can also place a message on your voicemail letting callers know that your number is being spoofed,” says the FCC.
5. Google Voice scams
With a Google Voice number, the user can make calls and send text messages via phone or another mobile device or a web browser. A scammer who wants to use your cellphone number as their Google Voice number can’t just set it up and start doing their dirty work, however. Activating a new Google Voice account requires entering a one-time password code.
With this scam, a fake “buyer” or “seller” generates a text message sent to your phone number that contains a Google Voice verification code for the account they’ve set up with your cellphone number. Then they ask you to provide the code sent by Google Voice to verify that you’re a real person. If you give them the code, the scammer can then access that Google Voice number and use it to scam others.
“If you’re selling something on a marketplace and you have images of it, they could turn around and pretend to be you as the seller,” says Velasquez. “Then you have two victims. Your phone number is being used, the products that you’re trying to sell are being used and the person who spends the money doesn’t actually get the product. The money has gone into the hands of a scammer.”
Never respond to anyone who asks you to provide a Google Voice code. If you do, they can use your cellphone number to perpetrate numerous types of scams and fraud.
6. Scam text messages
Once a scammer has your cellphone number, they can send text messages with a link that downloads malware (malicious software) onto your device and/or mines your device for account passwords, financial accounts and personally identifiable data that could be used to steal your identity.
Scam messages may contain links to click on for information about an urgent situation such as a problem with your device that needs “tech support” or a claim that your Social Security number will be suspended or you’ll be arrested if you don’t respond.
Scam text messages may also entice you to click on the link to win a prize or gift, donate to help natural disaster victims, or learn about a business investment or other lucrative offer.
“Depending on how you manage your devices, some of these links can include things like spyware and malware,” says Velasquez. To help protect your devices and personal information, never click on an unsolicited text link from an unfamiliar source.
Additional mobile device security measures recommended by the U.S. Cybersecurity and Infrastructure Security Agency include:
- Enable and install automatic operating system and app updates.
- Set strong passwords and PINs and use authentication methods such as fingerprint, facial recognition or iris and retina scans.
- Use only curated (never third-party) app stores.
- Avoid public Wi-Fi.
- Install security software that protects against malware.