What Can Hackers Do with Your Phone Number?
About 60% of the world’s cyberattacks start on mobile devices [*]. And it’s easy to see why.
Your phone number is an easy access point for scammers and identity thieves. Once they know your number, they can use it to send you phishing texts, trick you into installing malware and spyware, or use social engineering attacks to get you to hand over your personal identifying information (PII).
And once they gain access to your PII, it doesn’t take much more to access your financial (and other sensitive) accounts.
Let’s examine how hackers can steal your phone number, what they can do with it, and how you can protect your mobile number and personal information from identity thieves.
How Can Someone Hack Your Phone Number?
If your number falls into the wrong hands, you could become a victim of phone scams, financial fraud, and identity theft.
Unfortunately, it’s remarkably easy to find someone’s number.
Data breaches are among the most common ways that scammers get access to your phone number. But there are plenty of other ways they can steal your digits as well.
“People search” sites like WhoEasy collect and sell your personal data to telemarketers and hackers.
Even if you’re cautious about what you share online, it’s not always possible to keep your number safe from criminals. Here are five common ways a thief may try to find your telephone number:
- Social media. Many social media platforms allow (or even require) users to list their phone numbers. While that can help with platform security, it creates a potential security risk for your identity protection. Placing your number on websites and social media networks makes it easy for criminals to contact you and initiate fraud schemes. Here are some more tips on how to enhance your social media privacy.
- Phishing scams. Criminals fool unsuspecting victims by sending emails or texts that impersonate legitimate organizations. Once the scammers gain your confidence, they can direct you to a website to obtain personal information, like your phone number. In the first quarter of 2021 alone, researchers discovered over 611,000 phishing sites [*].
- The Dark Web. Beneath the publicly accessible section of the internet lies the Dark Web. Among other things, this is where criminals buy and trade personal information that is often stolen during a data breach. Phone numbers were the fourth most-common pieces of personal information leaked via data breaches in 2021 [*].
- Shoulder surfing. Scammers can also listen in and steal your phone number while you’re in public places. In a more sophisticated version of the shoulder surfing scam, hackers hack public Wi-Fi and intercept any information you submit to a website.
- Stolen mail. Nefarious individuals can rifle through your garbage to find sensitive information. Make sure to shred any documents that contain your phone number and other personal information.
What Can Hackers Do with Your Number?
In the past, a hacker couldn’t cause much financial damage with just your personal phone number.
Today, however, our mobile devices serve as much more than address books. We store reams of personal information on our smartphones — including photos, emails, and account passwords.
Once hackers have your number, they can use it to gain access to your most sensitive and valuable data, such as your:
- Email accounts and contact lists
- Financial assets and bank accounts
- Current and previous home addresses
- Social media and other online account passwords
- Date of birth and Social Security number (SSN)
- Names and contact information for your friends and relatives
- IP addresses (for both your phone and computer)
- Sensitive photos and videos that they can use for blackmail (i.e., “sextortion”)
- Documents such as medical records, professional licenses, and ID
The Top 8 Ways Hackers Use Your Phone Number Against You
- Rerouting your messages
- Stealing your personal information
- SIM swaps
- Text scams and spyware
- Doxxing that leads to harassment and fraud
- Blackmail using your sensitive data
- Spoofing caller ID numbers
- Preying on your family
Once criminals have your phone number, they can engage in a range of identity theft schemes.
Here are descriptions of the eight ways hackers could use your phone number to steal your PII — and cause financial damage.
1. Rerouting your texts and calls
Mobile phone companies have security features to prevent scammers from making changes to your account. Unfortunately, however, hackers have found ways to reroute your number.
Here’s how it plays out:
- Hackers contact your phone carrier company claiming to be you. They use your stolen personal information to pass security checks.
- They ask the company to reroute your phone calls and messages to their number. Once the rerouting is complete, the scammer can intercept all communications meant for you.
- Even worse, they can log into your online accounts by selecting “forgot password” and then use the password reset link that is sent to their phone to take over your accounts.
- In another version of this scam, fraudsters will message you about an item you have for sale and ask you to “verify” your identity by sending them a code. But what arrives is actually a verification code that will allow the scammer to take over your phone number.
In the news: In March 2021, Vice ran an experiment with a hacker to demonstrate how easy it is to reroute a phone number [*]. Within minutes, the hacker was able to take control of the reporter’s number. The hacker then rerouted all calls and messages and gained access to the reporter’s Bumble, WhatsApp, and Postmates accounts.
📚 Related: How To Know if Your Phone Is Hacked (and What To Do) →
2. Stealing your personal information
Because most of us rarely change our phone numbers, those numbers become deeply connected to our other personal information. That means that if scammers have access to your phone number, they can find out all sorts of other information about you (and use it to steal your identity).
Here’s how it plays out:
- Scammers find your phone number on social media or by using a reverse lookup service like Whitepages.
- Next, they search your number online to find other information that is attached to it. This could include other online accounts, your address, birthdate, and more.
- They use this information to steal your identity, or to design social engineering attacks that you’re likely to fall for.
3. SIM swaps
SIM swapping — or SIM jacking — occurs when fraudsters use your mobile carrier’s “porting” feature to gain access to your phone number. Porting is a security feature that protects your data when you change phone carriers. But scammers can exploit the system to take ownership of your number under a new SIM card.
Here’s how it plays out:
- A scammer calls your phone carrier company and impersonates you to request that the company "port-out" your phone number.
- The company switches your phone number to the hacker’s SIM card.
- With control of your phone number, the hacker not only can receive messages on your behalf — but also send messages, make calls, and access your accounts.
In the news: Twitter CEO, Jack Dorsey, was a victim of a SIM swap scam in 2019 [*] when hackers used his phone number to take over his Twitter account. Since then, the problem has grown. The FBI reported 1,611 complaints in 2021 with victims losing a combined $68 million to SIM swapping scams [*].
📚 Related: Is Identity Theft Protection Really Worth It? →
4. Text scams and spyware
Fake text message scams (also known as smishing) are an increasingly common method that hackers use to try and trick people into sharing sensitive information or downloading malware onto their devices.
Here’s how it plays out:
- Perpetrators send malicious SMS, texts, or messages on Telegram and WhatsApp that claim to be from reputable businesses.
- The messages include phone numbers or links to phishing websites. If you engage with either, the hacker will attempt to obtain your personal information.
- Alternative text scams include bogus links that initiate a malware download. If you click on the link, your phone downloads spyware that allows hackers to read your messages and access your online accounts.
5. Doxxing that leads to harassment and fraud
Doxxing refers to the malicious act of revealing someone’s private information online to the public. The term comes from 1990s hacker culture in which rival hackers would “drop docs” to reveal someone’s true identity.
Today, doxxing can lead to harassment, fraud, and other abuses of privacy.
Here’s how it plays out:
- A hacker uses your phone number to gather and release your sensitive information on social media or other public sites.
- The doxxing might happen on the Dark Web, where hackers dump thousands (or even millions) of people’s personal information after a data breach.
- Once hackers obtain your information, they can use it to harass you, steal your identity, or access your online accounts.
📚 Related: How To Quickly Identify a Scammer on the Phone →
6. Blackmail using your sensitive data
Some scammers will use your phone number to engage in blackmail. If they access sensitive information — like photos and videos — they can threaten to release it to the public unless you pay a ransom.
Here’s how it plays out:
- Scammers enter your phone number into a people search site (such as Fast People Search) to reveal personal information about you.
- Or, if they have access to your number, they could access your iCloud accounts and other image storage services. (This is how CelebGate happened — when sensitive photos of celebrities were leaked online.)
- Once scammers find sensitive information, they blackmail you for money.
- It’s impossible to know if they will follow through on their bluff or not. But if you don’t pay up, the scammer may expose your personal data online or sell it on the Dark Web.
📚 Related: What Is the Google Voice Verification Code Scam? →
7. Spoofing caller ID numbers
Spoofing is a scam in which hackers adjust the caller ID shown on the recipient's phone so that it seems to come from a reputable organization. This is how a scammer can call you with your caller ID reading “IRS” or “FBI.”
Here’s how it plays out:
- You get an incoming call from a known and reputable business or government organization, like the IRS. You answer the call and unwittingly engage in conversation with a fraudster.
- The fraudster impersonates an official representative and informs you of an urgent situation. For example, they may say you have an unpaid tax bill or need to “confirm” your SSN to protect it from scammers.
- The spoof caller will attempt to convince you to share personal information or make a credit card payment over the phone.
In the news: USAA Federal Savings Bank warned customers about a spoofing scam after a Phoenix couple was tricked into transferring about $2,000 from their account [*]. Ed and Cyndy Evans believed the text messages they received were from the bank. In reality, the scammer quickly took their money and locked them out of their accounts.
8. Preying on your family
Sometimes, hackers don’t go after you when they have your phone number — they target your loved ones instead. In these scams, fraudsters use your number to trick family members and friends into disclosing personal information or sending money.
Here’s how it plays out:
- Hackers take over your number, usually through a SIM swap or account takeover.
- Then, they send messages to a family member (such as a vulnerable grandmother) claiming they need financial assistance to get out of an emergency. For example, they could say they are hurt or in prison and need money for hospital fees or bail.
- In a desire to help you (and frightened for your safety), your family member might wire money, not knowing the money is being sent to a scammer.
How To Secure Your Phone Number Against Hackers
Hackers can cause serious damage to your identity, reputation, and bank accounts with just your phone number. But with a few steps, you can secure your number against scammers.
Here are some ways to make your phone number more difficult for prying cyber criminals to hack:
Always use two-factor or multi-factor authentication (2FA/MFA)
Two-factor authentication (2FA) is a cybersecurity measure that protects access to your accounts. You can contact your phone carrier’s customer service department and ask them to set a secondary password on your account. This way, only you can make changes or port out your phone number.
Lock your SIM
A SIM lock can help prevent scammers from SIM swapping your phone. The lock requires an additional PIN number in order for anyone to make changes or use your number.
To set up a PIN on your SIM, contact your carrier, or set it directly on your iPhone and other iOS devices.
Pro tip: A password manager can help protect your devices from SIM swapping and other phone scams. While hackers may gain access to your phone number to bypass 2FA, a password manager allows you to easily use unique and strong passwords that hackers can’t get around.
Avoid clicking links from unknown senders
When you receive text messages or emails from unknown senders, resist the temptation to click on any links. If you get a message about a missed delivery, or find a message waiting for you in an online account, log into the service directly — not from the provided link.
Always research senders to confirm they are trustworthy and have authentic verification.
💡 Related: Can iPhones Get Hacked? How To Tell & What To Do →
Ignore one-ring phone scams
Scammers want to get you on the phone. One way they’ve learned to do that is by calling you from a spoofed number and hanging up right away. If this happens to you, don’t let your curiosity get the better of you. Don’t call back; instead, block the number.
Never call back a number from an unsolicited text
If you receive a strange text message asking for you to call a phone number, ignore it. These are almost always text message scams where fraudsters want to get you on the phone and trick you into giving up personal information.
Get fraud monitoring
Aura’s credit and fraud monitoring checks your bank accounts, credit cards, and credit reports for suspicious activity. If scammers gain access to your bank account through your phone, Aura will let you know quickly so that you can shut them down.
Keep your phone safe in public
The easiest way for a scammer to steal your phone number is to get physical access to your phone.
When criminals stole my phone while I was on vacation, they were able to access all of my accounts, lock me out of my email, and steal tens of thousands of dollars. Always keep your phone in sight, and set up biometric security measures like fingerprint ID to secure your phone if it’s stolen.
📚 Related: 10 Airbnb Scams That Will Ruin Your Next Vacation →
Install antivirus software
You can use antivirus programs on both mobile and computer devices. Cyber security programs block malicious code or malware, making it harder for hackers to access your data or steal your phone number.
Ensure that the websites you visit are the real deal. Hackers will create fake websites by changing one letter or number of a webpage URL (for example “Walmrat” instead of “Walmart”).
These sites might appear identical to service providers such as your bank — which can trick you into sharing your phone number and other sensitive information.
Shred old documents
Never throw away anything that contains identifying information, such as your phone number. Make sure to shred or burn the files so that the data is unrecoverable.
Did Your Phone Number Get Hacked? Do This Now
Maybe it’s already too late, and you know that someone has your phone number and is targeting you with a scam.
Here’s what to do if you think a hacker has access to your phone number:
- Contact your phone service provider. Let your mobile service provider know that your accounts have been hacked. Request a second password for account logins to prevent anyone from gaining illegal access.
- Get the word out. Tell your friends and family that your number is now compromised by scammers.
- Update your 2FA information. Change any accounts that use your phone number for 2FA. Even better, use an authenticator app like Authy instead. These tools combine passwords and biometric data to secure your accounts.
- Regularly check your credit report and bank statements. Scammers are almost always after your financial accounts. Check for the warning signs of identity theft — such as strange charges on your bank statement or accounts you don’t recognize. An identity theft protection service like Aura can monitor your credit and statements for you and alert you to any signs of fraud.
- Keep your circle small. Don’t give out your phone number to any new people for the time being. Limit the scammer’s potential target pool.
- Change your security questions. Immediately change your security questions on Google, Facebook, and any other online accounts in case they’ve also been compromised.
- Contact the authorities. If your identity has been stolen as a result of a phone scam, file an official report with the Federal Trade Commission (FTC) at IdentityTheft.gov. If you have any information that could help lead to an arrest, you’ll also want to file a police report with your local law enforcement.
- Follow the Fraud Victim Checklist. Take steps to secure your accounts and minimize the damage from fraud.
- Consider signing up for identity theft protection. Aura combines top-rated identity theft protection with 24/7 credit monitoring, digital security tools like antivirus and VPN, and $1,000,000 insurance against eligible losses due to identity theft. Try Aura’s 14-day free trial for immediate protection while you’re most vulnerable.
💡 Related: How To Recover a Hacked Facebook Account →
The Bottom Line: Protect Your Phone Number From Scammers
Hackers don’t care if you use an iPhone or an Android phone. All they need is your phone number to steal your identity, money, and more.
As hackers get more sophisticated, you must take preventive action to keep your devices, finances, and identity safe. Lock your SIM with a PIN code, be careful with unsolicited calls and text messages, and try not to give out your phone number to too many people.
For added protection, sign up for Aura’s all-in-one digital security solution.
Aura protects your devices from scammers, monitors your online and financial accounts for signs of fraud, and keeps your passwords secure. And if the worst should happen, you’re covered by a $1 million insurance policy for eligible losses due to identity theft.