YOUR CELL NUMBER MAY LEAD TO YOU BEING SCAMMED
To hackers, your 10 digits are the door to a gold mine of personal information
No matter what I do to protect my digital privacy, especially on my handheld devices, I can’t seem to keep up with new threats. I came across yet another one a few weeks ago, when I stumbled across a blog post titled, “Your cell phone number is your new Social Security number” by private investigator (and former FBI agent) Thomas Martin who has also written a new book, Seeing Lives Through Private Eyes: Secrets from America’s Top Investigator to Living Safer, Smarter, and Saner.
Martin’s message was clear: Our cellphone numbers are being used increasingly by information brokers as the window to personal information that’s kept by nearly all corporations, financial institutions and, yes, social media networks. What disturbs him is how lackadaisical we are about keeping our numbers private.
In an interview, Martin started off by asking me: “If someone you just met asked for your Social Security number, what would you do?” That was easy — I’d tell them it was none of their business. What if they asked for your cellphone number? That depends, I answered, although I know I’d probably hand over my 10-digit number in a flash, as I do in stores and online on a daily basis. Wrong answer, he told me. Your cellphone number, unique to you, is the gateway to your identity. It provides an entrance to all the data contained on your phone and can connect your other info to you — your email address, physical address, everything.
Once Martin told me all this, I started to pay attention to how often I’m asked for my cell number, either in person or online. Amazon does. Netflix, too. My bank. My health insurance company. And just the other day, shoe retailer Johnston & Murphy demanded it when I was buying a $69 belt. I balked, and they let me buy the belt anyway — but when I went back to return it a few days later, the clerk said: “You can’t return it without providing your cell number.” I explained I didn’t want it in the company’s database, so she made up a number to type in, but not before smiling at me and saying with a scary smile: “We want all the information about you we can get.”
Yes, I know. Of course, when I called the retailer in Nashville, vice president of e-commerce Heather Marsh told me asking for a phone number is all about the consumer’s convenience. It makes shopping faster because it’s “easier to get (access) to your records” if you’ve made a purchase there before. Marsh promised me it’s not used for marketing — but that’s only one leg of this twolegged monster. Once in the database, your phone number becomes another piece of personally identifying data. But unlike our Social Security numbers, “this number is not regulated, and no companies are mandated to keep it private,” Martin explained.
The more I learned, the more troubled I became. JD Sherry, vice president at Remediant, a top cybersecurity company, says mobile phones are a “tasty target” for attackers. Most of us have gotten wise to phishing as an entry point to email breaches, but Sherry introduced me to an emerging trend called SMiShing (pronounced “smishing”). “This is the act of sending a text message containing questionable links to websites that might not be in your best interest to visit,” he said.
“The bad guys,” as Sherry calls the hacker class, want to steal your credentials or install malicious software so, for instance, they can log into your banking site as you. Then, we all know what can be done: Monies transferred. Checks written. Stocks sold.
Even seemingly innocuous requests like the one from the Johnston & Murphy sales clerk can open a Pandora’s box. While Marsh said the company doesn’t use the data for marketing, the fact that they now have it means it could be hacked. “Customer phone numbers have been stolen in a large variety of data breaches including those of Anthem, Citigroup, JPMorgan Chase, Wal- greens and Yahoo,” Eric Vanderburg, director of information systems and security at Jurinnov Ltd., reminded me. All true.
THE TAKEAWAY:
Use common sense: If you’re asked for your phone number, ask why. In general, don’t give it out to people you don’t know.
Get a virtual phone number: This is similar to a virtual credit card number, where you have what’s essentially a fake number as your public number. Here’s where you can get one from Google Voice: https:// voice.google.com
Enable two-factor or multi-factor authentication
on all your devices: This is what happens every time you go to an ATM: To make a withdrawal, you need both your debit card and a PIN number. That’s twofactor authentication, which amps up the level of security on your devices.
Get more than one cell
phone: Martin has three, but he only gives out the number to the phone that contains no data or links to personal information.
Your number provides an entrance to all the data on your phone and can connect your other info to you — email address, physical address, everything.
Choose which private data you are willing to share: When I went back to buy another belt at Johnston & Murphy, I gave up my ZIP code instead of my phone number.