Cyber Security: Vishing – Are You Getting Too Many Scam Calls?
Are You Getting Too Many Scam Calls?
1 in 3 Americans report falling victim to phone scams, with 20% more than once. Total losses to phone scams totaled $39.5 billion in the past 12 months.
In this guide, we’ll explain how scammers get your phone number, what to do once a scammer has your number, and ways to keep your phone number and financial information safe.
How Do Scammers Get Your Phone Number?
Scammers want your cell phone number for a few reasons. They want to harass you, steal your identity, or access your online accounts. And eventually, they’ll come for your money.
Surprisingly, it’s pretty easy to find someone’s phone number — especially with the amount of recent major data breaches. For example, T-Mobile experienced a data breach in November 2022, which led to the leaks of over 37 million phone numbers and other Personally Identifiable Information (PII).
But data breaches aren’t the only way that scammers get your phone number. Your contact information could be compromised by:
Social media profiles: Many social media services (and other online accounts) require your phone number to set up an account. But without tightening your security settings, your phone number and other sensitive information can be publicly available to scammers.
- Data Broker Lists: A data broker collects and sells consumer information, like phone numbers and email addresses. Scammers can buy your phone number from these companies and use it to contact you.
- The Dark Web: The Dark Web is a layer of the internet wherein cybercriminals sell stolen and counterfeit data. Scammers can easily buy your phone number and other personally identifiable information about you on Dark Web sites and forums.
- Stolen Mail: Mail theft is rising, with over 33,000 reports of carrier robberies and mail theft in 2021. Scammers can get your phone number by stealing mail from your mailbox or local collection boxes.
- Target Lists: If you’ve answered or responded to previous phone scams, your contact information could be on a “target list” that scammers buy and sell to each other.
- Shoulder Surfing: Scammers can watch you type your phone number on a computer or mobile device. This is one of the few attack tactics in which the scammer must be close to you.
- Phishing Scams: Hackers can send you fraudulent text messages or phishing emails, tricking you into providing your phone number or other personal data.
- Autodialers: In some cases, scammers don’t even need your phone number. Autodialers generate and call random phone numbers. When you pick up, scammers can begin their attack.
What Can Scammers Do With Your Phone Number?
In the past, hackers couldn’t do much damage with just your phone number.
But today, a cell phone is more than just a digital address book. It stores vast amounts of personal information — such as photos, emails, and passwords for online accounts.
At best, you may receive a lot of scam and robocalls. However, hackers have more sophisticated attack methods that can take control of your most sensitive accounts (email, banking, etc.) with just your phone number.
Here are the most common ways that scammers may attack you using your phone number:
- “SIM swaps” that steal your phone number: Fraudsters don’t need to steal your phone to get access to your phone number. They can contact your phone provider and convince them to “swap” your phone number to a new SIM card — giving the scammers full access to your phone number. They’ll use your number to scam your friends and family members or use it to bypass two-factor authentication (2FA) security for your online banking or other accounts.
- Reroute your number: Scammers can also reroute phone calls and messages, then send login requests to your online accounts to access them. This attack takes minutes [*]. You won’t lose cell service, like in a SIM swap or port-out scheme, and your phone will act completely normal.
- Target you with scam calls and phishing attacks: Scammers can target you with fake calls and texts, posing as tech support agents, charities, or even the police. They will usually ask for your personal information to “verify” or “confirm” your identity.
- Discover more personal information about you (for identity theft): Scammers can find your full name and address using your phone number on sites like WhoEasy and Whitepages. Using this information, they can build a full picture of you and try to steal your identity.
- Spoof your number to target friends and family: Scammers can also use your phone number to “spoof” calls — meaning they’ll call your friends and family pretending to be you — and demand money or information.
- Hack Online Accounts: Fraudsters can try to access your online accounts (i.e., social media or banking) using your phone number. They can send a password reset to your phone and even trick automated systems into thinking they are you.
- Send Malware or Spyware: Scammers may try to send you dangerous links via text messages that can extract your information. Once you download the software, hackers can read your messages and hijack your accounts.
- Extortion or Blackmail: Some scammers will use your phone number to threaten or blackmail you, using sensitive images or videos that they have obtained to coerce you into sending them money.
- Google Voice Scams: Scammers can set up a Google Voice number with your phone number. After getting the account approved, they can pretend to be you and scam others online.
- Doxing: Scammers can use your phone number to gather and release sensitive information to public sites and social media. They could also dump your information on the Dark Web for others to purchase and use.
What To Do If Scammers Have Your Phone Number
Whether you were the victim of a massive data breach or your phone number was compromised in some other way, you should take action if you start to receive calls from scammers.
Here’s what you can do to protect your mobile number and personal information from thieves.
Let your mobile carrier know right away if you think that your phone number may be hacked or compromised. Your provider can help you regain access to your phone or hacked SIM card, if that’s the case.
Most major carriers also offer spam and scam call blocking tools to reduce the amount of scam calls that you receive.
How to block spam calls through your cell phone provider:
Most phone companies include anti-spam tools including:
2. Lock your SIM card
A SIM card lock is like a physical two-factor authentication (2FA) that stops hackers from using your SIM card. By locking your SIM, hackers can’t reset your passwords or impersonate you with another phone.
Your mobile carrier usually gives you a default PIN code with your SIM. For example, the default PIN for Verizon is 1111 — which makes it vulnerable to hacking.
If you don’t know your provider’s default PIN, don’t try to guess it. Check your provider’s customer service page or review the documents that came with your wireless plan.
How to lock your SIM card on Android:
- Go to Settings → Security → More security settings.
- Tap SIM card lock.
- Turn on “Lock SIM card” and enter the default PIN if you’re enabling it for the first time.
How to lock your SIM card on iPhone:
- Go to Settings.
- Tap Cellular.
- Then toggle SIM PIN on.
- Once locked, tap “Change SIM PIN” to change your PIN to a unique code for an added layer of protection.
3. Ignore one-ring phone scams, and never call back unknown numbers
Scammers sometimes actually want you to avoid answering their calls with the goal of getting you to call them back.
If your phone rings once and then stops, don’t call the number back — even if it looks like a local or U.S. phone number. Scammers use international numbers that look like American phone numbers to trick you into calling them back, leaving you with massive charges.
For example, “256” is the area code for Northern Alabama and the country code for Uganda, while “509” directs you to Haiti.
How to avoid a one-ring scam:
- Only answer or return calls from numbers you know. Be cautious, even if the number seems legitimate.
- Before returning calls from an unknown number, check if the area code is international.
- Ask your provider to block outgoing international calls on your line.
4. Never click on links in text messages from unknown senders
Look out for texts and messages on WhatsApp or Telegram that try to spread viruses to your mobile phone. This type of attack is known as smishing (short for “SMS phishing”) and occurs when a scammer tries to scam you through SMS.
A few tips to help you avoid phishing attacks:
- Only click on text links if you are 100% certain that you know who the sender is and where the link goes.
- Never give out usernames or passwords to unknown senders.
- Do not install apps or software via texts or messaging apps.
- Enter a suspicious web page’s address manually into an address bar rather than clicking on a link.
5. Secure your online accounts with strong passwords and 2FA
If scammers have access to your phone number, they could potentially use it to hack into your online accounts — including your email, social media, and even your bank account.
The best way to combat this is by using strong, unique passwords for every online account that you have — along with additional security measures, such as a secure password manager and two-factor authentication (2FA).
Here’s how to safeguard your online accounts against phone scammers:
- Use a secure password manager with a built-in random password generator. For example, the password manager included with Identity Guard will automatically create strong passwords for your accounts and store them for later use.
- Add two-factor authentication to all of your online accounts. However, don’t use your phone number or SMS for 2FA. Instead, use an authenticator app like Authy, which combines passwords and biometric data to safely secure your accounts.
6. Block scam calls on your phone
There are numerous spam filtering and blocking apps that you can use on your phone. However, it’s best to stick with the built-in features on your phone (instead of third-party apps) as some apps may actually steal your private data, according to TechCrunch.
How to block spam calls on Android:
- Open the Phone app and tap on the Recent tab.
- Long press (for several seconds) the number you want to block.
- Tap Block/Report Spam.
- Decide if you want to uncheck the box marked Report call as spam.
- Then tap Block.
How to block spam calls on an iPhone:
- In the Phone app, tap Recents, then tap the Information icon next to the number you want to block.
- Scroll down and tap Block This Caller.
7. Remove your phone number from data broker lists
Many scammers obtain phone numbers from public records and data brokers. You can remove your name, address, and phone number from data broker lists and people search sites for free. Unfortunately, there are currently an estimated 4,000 data broker companies in existence.
Top people search websites from which you can remove your information:
- Acxiom
- Epsilon
- BeenVerified
- FamilyTreeNow
- FastPeopleSearch
- Instant Checkmate
- Intelius
- PeopleFinders
- Spokeo
- TruthFinder
- USPhoneBook
- ZabaSearch
8. Freeze your credit with all three bureaus
Among the biggest risks of scammers having your phone number (and other personal information) is that they can open new lines of credit or take out loans in your name.
Activating a credit freeze is one of the best ways to stop anyone from opening new lines of credit in your name. To freeze your credit, you’ll need to contact each of the three major credit bureaus individually — Experian, Equifax, and TransUnion.
When you make the request, you’ll need to provide:
- Your name
- Date of birth
- Address history
- Social Security number (SSN)
Credit freezes last until you lift them. After you freeze your credit, you’ll receive a unique PIN that you can use to freeze and unfreeze your account. Be sure to keep it safe.
Here’s how to contact each credit bureau:
Experian | Equifax | TransUnion |
| | |
1-888-397-3742 | 1-800-685-1111 | 1-888-909-8872 |
Experian Security Freeze — P.O. Box 9554, Allen, TX 75013 | Equifax Information Services LLC — P.O. Box 105788, Atlanta, GA 30348-5788 | TransUnion LLC – P.O. Box 2000, Chester, PA 19016 |
9. Consider signing up for a digital security service
While you can do a lot to protect yourself from phone scammers and identity thieves, it’s almost impossible to constantly be on the lookout for threats.
Companies that specialize in this such as Identity Guard’s fraud and credit monitoring does the work for you by monitoring your credit cards, financial accounts, and credit reports for fraudulent activity. If someone gains access to your bank account from your phone, Identity Guard will immediately alert you so that you can stop the scammers in their tracks.