We fill in online forms and social media profiles with a lot of sensitive data, trusting that companies will keep it secure. But users rarely consider their phone number a vulnerable piece of information. An exposed phone number is a source of spam robocalls, account hacking, and even identity theft. Fortunately, with a little care, it’s easy to prevent future problems.
Here are 9 steps on how to protect your phone number:
- Stop giving out your number to anyone or any site.
- Harden your online account at your mobile service provider.
- Start using an eSIM instead of a SIM chip.
- Get a separate work phone.
- Use a secondary or burner number for online use.
- Set up identity alerts with a monitoring company.
- Fix errant public records.
- Use an authenticator app instead of SMS for two-factor authentication.
- Wipe your old device before recycling or disposing of it.
We’ll go through each of these steps in more detail in the following sections. Implementing just some of these measures will significantly improve the security of your phone number.
Why It’s Important to Protect Your Phone Number
As mentioned above, most people rarely consider their phone number as sensitive personal information. We need to change this thinking. Your phone number should be thought of as one of the most confidential pieces of information. It’s tied very tightly to your real-world and online identity and can even betray your current location.
When hackers or criminals get your phone number, they can become you and access your contacts, financial information, and even work information. This access exposes you to a possible data breach, spamming your contacts, and potential identity theft.
1. Stop giving out your number to anyone or any site.
The first and best thing you can do to protect your phone number is to not give it out when signing up for an account on a website or in an app. This holds especially true for small companies whose data storage practices might be a secondary thought to their service.
Skip the cell phone number field when it is not required. When it is a mandatory web form field, fill it in with an area code of 555, an exchange of 555, and a random four-digit number. For example, (555) 555-6725.
Only break this rule when the phone number might be used for two-factor authentication.
Note: Companies that send a verification text message to customer phone numbers are not providing ample multi-factor authentication.
2. Harden your online account at your mobile service provider.
As with any online account, you can harden your online account at your mobile service provider. Setting a strong password and two-factor authentication are obvious steps. Mobile carriers also offer additional security measures. Take a look at your mobile service provider’s site for these enhanced security settings.
If you are unclear about adding extra security to your accounts, call your carrier’s customer care. Ask about the security measures they have in place for ensuring your account is only accessible by you.
Additional Mobile Account Security Measures:
- Turn off caller ID.
- Use the generic outgoing voice message on your voicemail.
- Strengthen your security questions and answers.
- Use a secondary email address on your mobile account.
You can also ask your service provider if they’ll hide the list of calls and texts on your bill. Removing this unnecessary record protects your phone number and the numbers of those you call.
3. Start using an eSIM instead of a SIM chip.
A SIM swap attack is a social exploit in which a hacker uses social engineering or an inside contact at a mobile service company to update the Subscriber Identification Module associated with a user’s account. Afterward, calls, SMS texts, and MMS messages are diverted to the attacker’s device.
A SIM cloning attack is a technical exploit in which a hacker has physical access to a user’s SIM card and a cloning device. The attacker copies the victim’s chip and returns it to the phone. The target is then tricked into restarting their device. The attacker powers on their own device before the victim does and hijacks calls and texts.
To help protect yourself against both of these attacks, opt for an eSIM instead of a regular SIM card. An eSIM, or embedded SIM, ensures the SIM stays with your phone and is not cloned. An eSIM also makes the mobile service provider entirely responsible for delivering phone calls and texts to only the subscriber’s actual device.
Remember, you’ll want to ensure your cellular carrier has extra security in place to prevent anyone from updating the eSIM associated with your account as described above.
In this video (4m41s@2x), Hashoshi digs deeper into SIM swapping and how to avoid it.
4. Get a separate work phone.
Another strategy to protect your personal phone number is to maintain a separate work phone number and a secondary smartphone specifically for your professional life.
It’s an additional bill and yet another smartphone battery to keep charged, but this compartmentalization allows you to publicize your work phone online while protecting your personal cell phone number. Some employers issue a company-owned iPhone or Android phone.
5. Use a secondary or burner number for online use.
It’s kind of like in the movies when you see a character use a burner phone to make that quick phone call and throw it away right after.
If you often enter your mobile number online or fill out forms in real life, you might want to buy an inexpensive Android device with a prepaid, second phone number.
Alternatively, you can get WiFi phone numbers or use a burner app. Remember, your information can still be traced. We’re only looking to fulfill a supposed requirement to provide a phone number without giving our actual number, which can attract unwanted calls.
6. Set up identity alerts with a monitoring company.
It’d be great if you had a digital bodyguard watching your back online. They’d keep an eye out and let you know when a hacker or scammer is checking out your information, right?
Thankfully, this exists in the form of identity alerts from monitoring companies like LifeLock. Such services immediately alert you if your personal data has been compromised or accessed, or if any suspicious activity occurs.
7. Fix errant public records.
Imagine receiving calls from someone else who used your number and is now in foreclosure on their real estate properties. For reasons that might not even be your fault, you can find yourself dealing with the annoying issue of incorrect public records. The calls can be bothersome, but there’s also a risk of your phone number being in the wrong hands.
I’m going through this problem. I keep getting calls and texts for Donald Humphreys. He apparently used my number (perhaps by accident) on the public records for a property he’s now foreclosing on. I’ll have to go to the Gwinnett County courthouse and get this fixed.
The only way to fix this is to go to the county clerk’s office for the foreclosed properties to correct the records. I guess I’ll be making a trip to the Gwinnett County administration center. Thanks a lot, Don!
As a precaution, you can always check if your public records’ information is correct using online public record repositories like SearchQuarry.com.
8. Use an authenticator app instead of SMS for two-factor authentication.
We have discussed using two-factor authentication to add extra security to your account logins.
To level up, we need to ensure the unique temporary codes aren’t compromised.
Using an authenticator app rather than SMS or email for one-time verification codes is far more secure. These apps are easy to download and use. Authenticator apps are immune to SIM swap attacks and don’t leave a record with your mobile carrier of where you’ve logged in.
9. Wipe your old device before recycling or disposing of it.
When it comes to old phones, some people may sell or recycle them. But did you know it’s not that difficult to restore data from the device?
Handle your old smartphone with care when you are trying to dispose of it.
Before you sell or recycle your old mobile device, ensure that full device encryption is enabled. Afterward, wipe the device at least twice using your manufacturer’s instructions.