In today’s digital age, our phone number has become an essential part of our daily lives, and losing it can have devastating consequences. Unfortunately, phone numbers are becoming increasingly vulnerable to hacking and cyber-attacks. With the rise of data breaches and phishing scams, protecting your phone number has never been more important. To regain your peace of mind in a digital world, here are nine steps to protect your phone number.
- Stop giving out your number to anyone or any site.
- Harden your online account at your mobile service provider.
- Start using an eSIM instead of a SIM chip.
- Get a separate work phone.
- Use a secondary or burner number for online use.
- Set up identity alerts with a monitoring company.
- Fix errant public records.
- Use an authenticator app instead of SMS for two-factor authentication.
- Wipe your old device before recycling or disposing of it.
Don’t feel like you have to do every step or even in a particular order. Implementing just some of these measures will significantly improve the security of your phone number.
Stop giving out your number to anyone or any site.
The first and best thing you can do to protect your phone number is not to give it out when signing up for an account on a website or in an app. This holds especially true for small companies whose data storage practices might be a secondary thought to their service.
Skip the cell phone number field when it is not required. When it is a mandatory web form field, fill it in a random area code of 555, an exchange of 555, and a four-digit random number. For example, (555) 555-6725.
Only break this rule when the phone number might be used for two-factor authentication.
It’s also okay to not give out your phone number to people that don’t need it…like annoying Uncle Rob who texts you to join the latest instant messenger after he’s synchronized your phone number to the service. 🙄
Harden your online account at your mobile service provider.
Similarly to strengthening security for any online account, you can harden your online account at your mobile service provider. Setting a strong password and two-factor authentication are obvious steps. Mobile carriers also offer additional security measures. Look at your mobile service provider’s site for these enhanced security settings.
Call your carrier’s customer care if you are unclear about adding extra security to your accounts. Ask about the security measures they have in place to ensure your account is only accessible to you.
Additional mobile account security measures:
- Turn off caller ID.
- Strengthen your security questions and answers.
- Use a secondary email address on your mobile account.
- Use the generic outgoing voice message on your voicemail.
Start using an eSIM instead of a SIM chip.
A SIM swap attack is a social exploit when a hacker uses social engineering or an inside contact at a mobile service company to update the Subscriber Identification Module (SIM) associated with a user’s account. Afterward, calls, SMS texts, and MMS messages are diverted to the attacker’s device.
A SIM cloning attack is a technical exploit where a hacker has physical access to a user’s SIM card and a cloning device. The attacker copies of victim’s chip and returns it to the phone. The target is tricked into restarting their device. The attacker powers on before the mark and hijacks calls and texts.
To help protect yourself against both of these attacks, opt for an embedded SIM instead of a physical SIM card. An eSIM is part of your device and cannot be removed. eSIMs are slightly more difficult to swap since the mobile provider is responsible for securing the configuration.
Remember, you’ll want to ensure your cellular carrier has extra security to prevent anyone from updating the eSIM associated with your account, as described above.
In this video (4m41s@2x), Hashoshi digs deeper into SIM swapping and how to avoid it.
Get a separate work phone.
Another strategy to protect your personal phone number is to get a separate work phone number and a secondary smartphone device specifically for your professional life.
It’s an additional bill and yet another smartphone battery to keep charged, but this compartmentalization allows you to publicize your work phone online while protecting your personal cell phone number. Some employers issue a company-owned iPhone or Android phone.
Use a secondary or burner number for online use.
It’s like in the movies when you see a character use a burner phone to make that quick phone call and throw it away right after.
If you often enter your mobile number online or fill out forms in real life, you might want to buy an inexpensive Android device with a prepaid, second phone number.
Alternatively, you can get WiFi phone numbers or use a burner app. Remember, your information can still be traced. We’re only looking to fulfill a supposed requirement to provide a phone number without giving our actual number, which can attract unwanted calls.
Set up identity alerts with a monitoring company.
It’d be great to have a digital bodyguard watching your back online. They’d keep an eye out and let you know when a hacker or scammer is checking out your information, right?
Thankfully, this exists in identity alerts with monitoring companies like LifeLock. Such services immediately alert you if your data has been compromised, or accessed, or if any suspicious activity occurs.
Fix errant public records.
You can find yourself dealing with the annoying issue of incorrect public records for reasons that might not even be your fault. Imagine receiving calls from someone else who used your number and is now in foreclosure on their real estate properties. The calls can be bothersome, but there’s also a risk of your phone number being in the wrong hands.
I’m going through this problem. I keep getting calls and texts for Donald Humphreys. He used my number (perhaps by accident) on the public records for a property he’s now foreclosing on. I’ll have to go to the Gwinnett County courthouse and get this fixed.
The only way to fix this is to go to the county clerk’s office for the foreclosed properties to correct the records. Thanks a lot, Don!
As a precaution, you can always check if your public records are correct using online public record repositories like SearchQuarry.com.
Use an authenticator app instead of SMS for two-factor authentication.
We have discussed using two-factor authentication to add extra security to your account logins.
To level up, we must ensure the unique temporary codes aren’t compromised.
Using an authenticator app rather than SMS or email for one-time verification codes is far more secure. These apps are easy to download and use. Authenticator apps are immune to SIM swap attacks and don’t leave a record of where you’ve logged in with your mobile carrier.
Wipe your old device before recycling or disposing of it.
When it comes to old phones, some people may sell or recycle them. But did you know it’s not difficult to restore data from the device?
Handle your old smartphone carefully when you are trying to dispose of it.
Before you sell or recycle your old mobile device, ensure that full device encryption is enabled. Afterward, wipe the device at least twice using your manufacturer’s instructions.