My FICO logo $$$$$$$$$$$ 9876 5432 1234 5678 CREDIT CARD KELLY SMITH 11/26 My FICO logo
SCORE
Skip Navigation
  • Why FICO
  • How It Works
  • Pricing
  • Education
  • Community
  • Support
  • Member Dashboard
  • Log In Log Out
  • Start Plan
 
  • Why FICO
  • How It Works
  • Pricing
  •  
  • Education
    • Credit Education
    • Credit Scores
    • What Is a FICO Score?
    • FICO Scores vs Credit Scores
    • FICO Scores Versions
    • New FICO Scores
    • How Scores Are Calculated
    • Payment History
    • Amount of Debt
    • Length of Credit History
    • Credit Mix
    • New Credit
    • How to Improve Your Score
    • How to Build Credit
    • Credit Reports
    • What's in Your Report
    • Credit Bureaus
    • Inquiries
    • Errors on Your Report?
    • Blog
    • Calculators
    • Loan Savings
    • Vehicle Payments
    • How Much Can I Borrow?
    • Should I Consolidate My Credit Cards?
    • Know Your Rights
    • Identity Theft
    • FAQ
    • Glossary
  • Community
  • Support
  • Member Dashboard
  • Log In Log Out
  • Our Products
    • Ongoing Credit Monitoring Track your FICO® Score & identity
    • One-time Credit Reports Be prepared for important transactions
  • How Can We Help
    • Monitor Credit & Identity
    • Mortgages
    • Credit Cards
    • Auto Loans
  • Credit Education
  • Community
  • Support
  • Our Products
    • Ongoing Credit Monitoring Track your FICO® Score & identity
    • One-time Credit Reports Be prepared for important transactions
  • Credit Education
  • Credit Scores
    • What Is a FICO Score?
    • FICO Scores vs Credit Scores
    • FICO Score Versions
    • New FICO Scores
    • How Scores Are Calculated
    • Payment History
    • Amount of Debt
    • Length of Credit History
    • Credit Mix
    • New Credit
    • How to Improve Your Score
    • How to Build Credit
  • Credit Reports
    • What's in Your Report
    • Credit Bureaus
    • Inquiries
    • Errors on Your Report?
  • Blog
  • Calculators
    • Loan Savings
    • Vehicle Payments
    • How Much Can I Borrow?
    • Should I Consolidate My Credit Cards?
  • Know Your Rights
  • Identity Theft
  • FAQ
  • Glossary
View all Identity Theft articles

Why Your Phone Number Is Valuable to Hackers

October 20, 2016, by Karin Tansey

Last time we met, I explained why your email account is valuable to hackers-what value it has and how it could be used to gain access to more of your coveted personally identifiable information (PII) than you might think. But it's not just your email that hackers want; they want your phone number, too. How can your number used for identity theft? Read on.

Cell phone numbers are particularly valuable, as they have become the modern-day equivalent of your wallet. Your mobile device contains valuable information like your contacts list (a great way to get a list of your friends-future identity theft targets), affinity account and reward numbers (frequent flyer miles have a value that thieves can cash in on), web history and other equally valuable information. To get your phone number, two tactics are commonly deployed. Let's see them in action and how they play out. To click or not to click? That is the question.

  • SMISHING: This tactic is used to send a hyperlink to a mobile device in the hopes that the user will click it, invariably launching some sort of malware directly onto the device. But nobody clicks on links received from users they don't recognize, right? Riiiiight (note heavy sarcasm here). Unfortunately, piggybacking on top news items like the latest Kardashian shenanigan or a major sporting event like the World Cup or Super Bowl, people still do what they know they shouldn't and click away. It's even easier if the hacker manages to convince you that the URL is coming from someone you know.

Hackers often have this information because, well, they're hackers. They hack. Nefarious evil-doers can use cell phone numbers they've obtained from data leaks resulting from attacks like the SnapChat and Target hacks to send mass text messages to people with websites obscured by shortened URLs (for example: it can make http://www.IMHackingU.com to look like http://tiny.ae93al.com/) making it nearly impossible for anyone to really know what they are clicking on and where they are going to end up.

Imagine that you're a Target customer and receive the following text message from an unrecognized phone number, what would you do? "Target Corp. Security - Due to the recent security breach, all users are encouraged to go to http://tiny.ae93alk.com to securely reset your password." As we've learned in the wild, wild, Internet frontier, it only takes one mistake-one click-to send you to the equivalent of a digital "pokey". URLs disguised in this manner are the perfect avenue to install malware or viruses on your smartphone with you being none the wiser.

  • VISHING: This is the technique used by fraudsters to "phish" (solicit and obtain critical information) from you via voice communication. Essentially, they social engineer their way into your trust level to make you believe they are trustworthy in order to obtain critical and personal information needed to carry out their evil doings. This works because they sound nice, are pleasant and polite and are able to engender your trust over the phone.

Using technologies like Spoofcard, or by simply routing the call through their own Automatic Number Identification (ANI) masking tool, fraudsters can trick the caller ID functionality of your phone to display a fictional incoming phone number. This amazingly cheap technology allows people to pretend to be anybody-from a representative of a company with which you are affiliated with to a trusted business associate's secretary-in order to convince you to hand over your user ID, password, date of birth or Social Security number. They'll call you and claim to be from your bank (they just need your account number and routing information), the IRS (just to confirm your Social Security number) or even Microsoft (just let them log into your PC remotely) to try to gain access to your personal or financial information or even install malware on your devices.

Imagine this scenario: ` VICTIM: Looks down at phone's caller ID that says 800-123-4567 "Hello?" BAD GUY: "Hello. This is John Smith from XYZ Card Services - Security Division. Due to the recent security breach, we've identified that your account was compromised. For security purposes, before I can continue this call, I need you to please confirm your date of birth and Social Security Number." VICTIM: "Oh..yeah, I heard about that. Sure. May 1, 1983 and 123-45-6789."

So, how do you safeguard against these tactics? Get antivirus for your mobile device. I know, you were expecting me to say "Do not click on hyperlinks on your mobile devices," right? Look, most of us already know this and do it anyway, so rather than dispersing the "don't do that" advice, I propose the "do this instead" method. Make sure you have some sort of anti-virus software running on your phone. There are plenty of options available nowadays from renown security vendors like AVG, McAfee, eNod, etc. It can't protect you against everything-nothing can-but it can at least help.

Don't ever give out or confirm personal information over the phone. Unless you are initiating the phone call to an established phone number that you trust and can confirm. Major companies and financial institutions usually have policies that prohibit them from making outbound calls and asking customers to "validate" secure and personal information. If you're unsure, ask if you can call the representative back using the number on the company website. Stop giving out your phone number. If you want to enable people to contact you, even though you just met them, consider getting an alternate number that can automatically route calls and text messages to your real mobile phone number. Google Voice happens to be a free service and one that I enjoy every time I post items for sale on craigslist.org. These are just a few steps you can take to better protect yourself, but in general, just be cautious about sharing your personal information.

What tactics do you use to protect your information and devices?

Karin Tansey

Karin Tansey is the Senior Director of Product Management at myFICO and an online security expert.

Estimate your FICO Score range

Answer 10 easy questions to get a free estimate of your FICO Score range

740 - 790
Estimate for Free

Instant Access to Your FICO® Score

90% of Top Lenders Use FICO® Scores. Do you know yours?

Get Access Now!

Page footer

Products

  • Home
  • Why FICO
  • How It Works
  • Pricing

Learn

  • Education
  • Community
  • Support
  • Blog

Company

  • About Us
  • Terms of Use
  • Privacy Policy
  • Affiliate Program
  • Accessibility

Get Our App

  • Download iOS app on the App Store
  • fil_get
    Get Android app on the Google Play Store

Follow Us

  • Twitter
  • Facebook
  • Instagram

Credit Education

  • Credit scores
  • What is a FICO Score?
  • FICO Score versions
  • How scores are calculated
  • Payment history
  • Amount of debt
  • Length of credit history
  • Credit mix
  • New credit
  • Credit reports
  • What's in your report
  • Bureaus
  • Inquiries
  • Errors on your report?
  • Calculators
  • Know your rights
  • Identity theft
  • FAQ
  • Glossary

Copyright ©2001- Fair Isaac Corporation. All rights reserved.

IMPORTANT INFORMATION:

All FICO® Score products made available on myFICO.com include a FICO® Score 8, and may include additional FICO® Score versions. Your lender or insurer may use a different FICO® Score than the versions you receive from myFICO, or another type of credit score altogether. Learn more

FICO, myFICO, Score Watch, The score lenders use, and The Score That Matters are trademarks or registered trademarks of Fair Isaac Corporation. Equifax Credit Report is a trademark of Equifax, Inc. and its affiliated companies. Many factors affect your FICO Scores and the interest rates you may receive. Fair Isaac is not a credit repair organization as defined under federal or state law, including the Credit Repair Organizations Act. Fair Isaac does not provide "credit repair" services or advice or assistance regarding "rebuilding" or "improving" your credit record, credit history or credit rating. FTC's website on credit.

PRIVACY NOTICE: When you visit this website we collect your browsing activities on our site and use that information to analyze and research improvements to the website, and to our products and services. When you register for our products and services, we also collect certain personal information from you for identification purposes, such as your name, address, email address, telephone number, social security number, IP address, and date of birth. Further information is available in our FICO Data Privacy Policy. For visitors with visual disabilities, access to this website, including our FICO Data Privacy Policy, is available through assistive technologies, such as BrowseAloud, JAWS, VoiceOver, Narrator, ChromeVox, and Window-Eyes. More details on software and accessibility are available at WebAIM.org.