Can Your Phone Be Hacked if Someone Knows Your Phone Number?

Perhaps you have found yourself in a situation where your phone was hacked and it left you wondering how the heck it happened. 

Nobody can hack into your phone if the only information they have is your phone number, but knowing your phone number is the first step in gaining unauthorized access to your personal accounts. 

Your Phone Number is Also Your Identification Number

Obviously, you would never think to post your social identification number somewhere public and you would never hand it over to a random acquaintance.

Your phone number is the way through which people contact you, and keeping it secret defeats the purpose of a phone for social connection.

The phone number that you use across all your personal accounts to verify your identity, is a valuable target.

Arguably, your phone number is more important for identification purposes and cross-linking your accounts than your official government-issued social identification number.

So what happens when someone knows your phone number and decides to target your accounts?

5 Signs that Your Mobile Phone has Been Hacked

1. Unrecognized Phone History: You notice something you don’t recognize on your phone (i.e., apps you didn’t download, messages you didn’t send, purchases you didn’t make, suspicious phone call history);
2. Battery Hog: Your device is utilizing way more resources and battery power and becomes hotter than usual. Malware working in the background might reduce its power significantly;
3. Data Use Unaccounted For: Mysterious data usage spikes without any changes on your part. Malicious processes might be consuming your mobile data in the background as they track what you do;
4. Odd Phone Behaviour: Apps that don’t run the way they should, switch on and off unexpectedly, or that crash or fail to load;
5. Pop-Ups: If you notice lots of pop-ups appearing on your screen, you probably have spyware or malware.

Was it Hacked With Just a Phone Number?

A phone number on its own isn’t able to be hacked by everyday hackers. But your phone number and some charm is an effective hacking combination.

A hacker does not necessarily have to have the full technical knowledge or be a hacking guru before he or she can successfully hack into your phone and accounts. All they need is your phone number and a little knowledge of social engineering. What a hacker will do is to get your phone number, contact your service provider by speaking to the customer service representative claiming that he or she is you and he or she may claim that you misplaced your phone or got it stolen. The questions generally asked by service providers are about a person’s date of birth and where someone lives. Once the hacker can answer this perfectly, the service provider is convinced that the caller is you, and the hacker will request the representative of the service provider to “port-out” your phone number to another SIM card or carrier. 

Assumed Identity

Once the “port-out” is done, your phone number will become activated on the hacker’s SIM card and he or she can then make calls, receive and send messages as if they are you. You may not even notice that your number is not longer working while you operate your phone; the only way you could know is if you suddenly lose cell service without any reason. The hacker will from there have access to your accounts connected to your phone.

What Can Hackers Do With Your Phone Info

Once a hacker has control over your phone, he’s likely to go straight to your email because you most likely have other accounts connected from there.

Since he has access to your phone number, to access your email account, all he needs to do is to press the “forgot password” at the point of login. If you have 2FA, the link to reset the password will be sent back to your phone number, which he now has control over, as he receives all messages. After getting access to your email account, the next action is to access all your online accounts including your social media accounts. Of course, he does not know the passwords to those accounts, but he can again click on the “forgot password” button to reset the passwords. Those websites will also send the passwords to your compromised email address. 

It will be difficult to recover your phone number and prove your ownership of your accounts that have been taken over, linked to your compromised phone number. Worse still, the hacker may copy, delete, or share your personal data. The best thing is to be sure this kind of situation does not happen to begin with.

Other Ways to Get Your Phone Hacked Using Your Phone Number

There are some other methods to use to hack your phone through your phone number. I will list them and give you a simple explanation.

• Smishing — phishing via SMS — the new hobby of opportunistic losers. Hackers also get access to phones by sending fake text messages to the numbers of their target so that they can get information about the username and the password of the individual. They usually do this by sending a text that contains a link to a fake website (the website will look as identical to the original one as possible) and record all the data that has been input, which will be sent to the hacker.

• Spyware defeating two-factor authentication: Hackers try to install spyware onto your device. They get access to an SMS code from a company that confirms your identity when logging into your account. They see what you see. Hackers can then have access to all your online accounts including your bank accounts, Twitter page, Facebook page, Evernote, Dropbox, iCloud, Yahoo Mail, Gmail, and many other websites connected to your phone. You will get your information exposed and perhaps, could be blackmailed.

• Sending links to malicious apps: This is one of the ways through which hackers hack your phones. How do they do it? They send links to malicious apps through SMS messages by appearing like a legitimate organization that is trying to provide a genuine app. They aim to ensure you install or download the app on your phone and once you open up, you provide access to the hacker without knowing. Once you click the link and approve the app’s requested permissions, you unknowingly give someone else the heightened user privileges required to use your phone, copy your data, and take control over your phone and accounts of apps accessed via your phone. That is the downside of the convenience of having your bank accounts and cryptocurrency accounts connected to your mobile device for easy access.

How Can You Protect Your Phone Numbers From Hackers?

There are basic steps anyone can take to protect their devices. For example, most abuses are easily prevented by enabling 2-factor authorization and having a secret passphrase that your service provider must request before allowing a password change. 

• Never let anyone have free access to your phone
• Use a good phone lock app
• Avoid Rooting or Jailbreaking your device
• Use a good antivirus app
• Turn off bluetooth
• Secure your home Wi-Fi with a strong password
• Use a VPN – virtual private network — on any public Wi-Fi network

There are several precautions you can take to help protect your phone number and your device from hackers:

1. Secondary security code or passphrase: Just like the two-factor authentication that you use for your online accounts, you could also add a secondary security code to your phone account. Either you do this online or you call your service provider to do it for you. This layer of authentication will ensure that only you have access to change the code. However, do not rely on this as a fail-safe layer because a customer service representative may forget to ask for the code when the hacker disguises himself as you.
2. Don’t answer your security questions truthfully, or give different answers for each site: When you choose your security questions for logging into sites that you access from your phone, it is better not to answer the security questions truthfully. Although truthful answers are easier for you to recall, your truthful answers to your childhood best friend or first dog’s name are likely ripe and ready to be harvested by the wrong people from your social media pages or the ol’ myspace-like survey forms. If you’ve filled out any questionnaire and posted it to your social media, you might as well serve your passwords on a platter to anyone who wants control of your phone and accounts. Do not use the same security question for all sites. Most people use the same password for many accounts; don’t be the many. Use a password manager or good ol’ pen and paper to record your different passwords for different accounts; this will ensure that even if the hacker successfully guesses your pet’s name and logs into one website, he’s not guaranteed to access other websites.
3. Do not connect your phone number to any of your sensitive accounts: If you don’t want your online accounts to be hijacked through your phone number, do not connect your primary phone number to those accounts, including your email address. Better yet, if you’re in the United States, you can sign up for Google Voice and use that number for your online accounts. You can also create a new, dedicated-to-shopping-use Gmail account, without connecting it to any of your existing email accounts. To do so, just leave the phone number fields blank. Once you are done, you can create a new Google Voice number and then secure the account with a very long high-entropy password and a one-time passcode generator.
4. SIM card locking: You can also protect your SIM card from getting hacked by putting a passcode on it. You can do this by setting this code on your iPhone and Android. For iPhone users, follow this sequence on your phone; go to Setting-> Cellular-> SIM PIN. For Android users, follow this sequence on your phone; go to Settings-> Security&Location-> Other Security-> SIM card lock and you can successfully lock your SIM Card.
5. Another layer of security: have two phones. Buy a prepaid phone plan or SIM card and dedicate that phone number for important accounts associated with unchanging data: your banking, government, mortgage accounts; you know, sensitive accounts you want to safeguard. Then continue using your probably already compromised “everyday phone number” for friends and work. 

Though these steps might seem time-consuming, you can accomplish them to prevent any major risk of getting your phone hijacked. Remember that it is better to prevent it than to find all your compromised accounts, see what the damage is, and try to recover and rebuild your identity and reputation, bit by bit.

OpenSource App to Monitor Your Phone and Block Unauthorized Data Use

Android Phone: Use NetGuard (also available from the f-droid or Aurora app store). “NetGuard is the first free and open source no-root firewall for Android.” NetGuard provides simple and advanced ways to block access to the internet — no root nor any Google services required. Applications and addresses can individually be allowed or denied access to your Wi-Fi and/or mobile connection.

Blocking access to the internet can help:

• reduce your data usage
• save your battery
• increase your privacy

Implement these strategies right away. Prevention is better than cure.

Why You Don’t Want to Make Your Phone Number Publicly Available…

SB

I've been practicing OSINT and utilizing Linux as my daily operating system for over twenty years. The tools are always changing and so I'm always learning, but helping you understand the value of protecting your own data remains at the forefront of everything I do.

Keep Reading

Explore more →

Is Your Neighbour Using Your WiFi? How to Find Out and End the Free Lunch

Is Your Dumb Password on This List?

Here is an updated list of common passwords discovered in data breaches. This file contains the top 100,000 passwords from the Have I Been Pwned data set. If you see a password that you use in this list you should change it immediately.

What Exactly Can My ISP See When I Use a VPN?