There used to be a time when you had much less control over your phone number. If you moved to a different area code, you had no choice but to get a new phone number.
But times have changed with technology improvements, and now if you move, you can take your mobile number with you. If you want to switch numbers when you purchase a new smartphone, you can do that too.
However, there are risks involved with dropping your mobile phone number and this is also thanks to technology. Our mobile numbers are tied to so many things, that if you don’t properly secure your device’s old number before getting a new one, you could be in for a big problem with account breach or identity theft.
Our mobile number has become part of our digital identity. It’s used to get shipping notices, reset our bank account passwords, and do many other sensitive activities.
Some of the common communications that come via text message to our cell phones include:
- Money transfer notifications (from apps like Zelle)
- Shipment delivery confirmations
- Multi-factor authentication codes
- Banking alerts
- Password resets links
- Medical appointment confirmations
- Bill pay reminders
- Prescription refill notices
- Suspicious bank transaction alerts with a link to confirm
- And more
Now imagine that the person that gets issued your old number is a criminal that trolls mobile carrier sites for reused mobile numbers and finds your old one.
This is something that digital thieves do. They’ll review those carrier sites that show numbers that are available and look for non-sequential digits. Sequential numbers indicate they are newly issued numbers, but those that are non-sequential are most likely old numbers that were recycled and used by someone else.
The criminal can then do a quick Google search online to see if any interesting details come up when that number is input, like a Facebook or LinkedIn page or any website where that number may have been used in the past.
These numbers in the wrong hands can be used for account takeover, social phishing, and more.
University Study on Potential Theft from Recycled Mobile Numbers
Princeton University did a study on the risk of abandoning your mobile number without properly cleaning up its digital footprints first. It found that there is a big potential for harm to the former owner through account takeovers.
The study researched 259 mobile numbers that were listed as available to new subscribers on two major mobile carrier websites. 171 of them (66%) were connected to accounts with popular websites.
Because mobile numbers are often used to do password resets or get MFA codes, a hacker could see a number is connected to an Amazon account and potentially do a full password reset and login if that number is still listed in the user’s account.
Old numbers are often left in website accounts, because changing their phone number on all the sites they visit, is not usually one of the first things people do when changing phones or numbers.
In the Princeton study, researchers were able to look up those phone numbers listed as available on carrier sites and find personally identifiable information online about the former owners.
Further, they found that 100 of the 259 numbers were linked to leaked login credentials that had been involved in a data breach. Making them even more at risk if still tied to the former owner’s accounts.
Details on the study by Princeton University into recycled mobile numbers.
Steps for Safely Changing Your Mobile Phone Number
This data doesn’t mean you’re stuck with your mobile number forever or that a company has to keep paying for mobile numbers it no longer needs. What it means is that some steps need to be taken to “clean up” the digital footprints of a number before you abandon it.
Change the Phone Number in All Online Accounts
First, you’ll want to visit any cloud accounts or websites where you may have entered that phone number (online shopping sites, social media sites, business cloud app, etc.) and update the phone number.
Log out, close your browser completely, then go back to the site, log in and ensure the new number is showing.
Call Offline Retailers & Service Providers to Change Your Number
Offline retailers or service providers also use mobile numbers to send text messages. Such as appointment notices, prescription refill alerts, or even a note that your plumber is on the way.
Call these service providers or retailers to change your phone number.
Review Your Text Messages & Do an Online Search for Anything You’ve Missed
Next, review old text messages on your phone to look for any accounts or retailers you may have missed that send you text messages.
Use the same trick the thieves do when scoping out a recycled number and do a web search on your phone number. This may bring up online accounts where you shopped or have a credit card stored that you completely forgot about.
Change the number of any other accounts you found.
Test MFA & Password Reset for Sensitive Accounts like Online Banking or Anywhere a Credit Card is Stored
Finally, you want to test any accounts that are sensitive, like online banking or retailers where you have a credit card stored (iTunes, Amazon, etc.), to ensure the MFA and any password reset actions are being sent by text message to the new number instead of the old one.
Get Help Securing Your Mobile Devices
Mobile devices are being used more often these days than our PCs, but they’re usually left less secure. Pro Tech Guy can help your Framingham or Natick business review your company smartphones and ensure they’re properly secured from a breach.
Contact us today to learn more. Call 508-364-8189 or reach us online.