This is an excerpt from Dollar Scholar, the Money newsletter where news editor Julia Glum teaches you the modern money lessons you NEED to know. Don't miss the next issue! Sign up at money.com/subscribe and join our community of 160,000+ Scholars.
You know me as Julia, but I have other identities, too.
Sometimes I’m beentotheyear3000. In other instances, I’m lalalalifeiswonderful. If we’re really digging deep, I may even introduce myself as DanceGal444.
Those are just three of the many email aliases I use to sign up for various free trials, rewards programs and online subscriptions. I don’t always want to give retailers my regular email address because my inbox gets clogged quickly, and I need to be able to see my coveted UberEats discounts the instant they come in. So I switch it up, swapping in different addresses for different situations.
I may have a bunch of email accounts, but I’ve only got one cell phone number — the same 10 digits I’ve had my entire life. As such, I hesitate when a place asks for my phone number. It just feels more intimate… and potentially riskier.
Will safeguarding my phone number protect me from identity theft?
Sathish Muthukrishnan, the chief information, data and digital officer at Ally, tells me in an email that there is indeed a security risk in sharing my phone number, whether it’s with a band I like (looking at you, Community) or a restaurant I frequent.
“Providing your number to stay on top of tour dates or earn points is certainly convenient, but keep in mind that local cafes and smaller marketing companies typically do not have robust cybersecurity teams or advanced technologies to protect your information,” he adds.
Muthukrishnan went on to say that there’s a security risk in giving out any kind of data. With phone numbers, scammers can reverse-search and find my full name, home address, voter registration, gender, race and more.
“Even well-known companies openly share your personal information with affiliated companies and other third parties,” he adds. “It’s a good idea to check their privacy policies at the bottom of their homepage before sharing.”
In fact, Paige Schaffer, the chief executive officer at identity protection firm Iris, tells me that my phone number is probably already out there on the dark web. The true risk, she says, is when a bad guy can link my phone number to other parts of my identity.
If, for example, a scammer has my name and cell number, they may be able to fake my caller ID with one of those spoofing apps and, if they're particularly clever, convince a customer service rep for my bank to reset my password, thereby gaining access to my account. (This is especially easy if the answers to my security questions can be found on social media.)
Or they could use SIM swapping to take over my phone number, answer multi-factor authentication requests, and hack into accounts for my online bank or credit card. Last year, the FBI reportedly received more than 1,600 SIM-swap complaints from people who lost $68 million.
Because I don’t know the extent of what a hacker might already have, it’s extra-important to keep my phone number close to the chest.
“A savvy fraudster can wreak havoc with a few pieces of information, and a phone number can be a stepping stone to more,” Schaffer adds.
I also need to be hyper-vigilant about inbound communications, says Eva Velasquez, the president and CEO of the Identity Theft Resource Center. If I sign my phone number up to get discounts at my local coffee shop, I should generally know what messages from the shop are going to look like. And I should be on the lookout for — and suspicious of — any strange messages that don’t look like that.
Scammers like to send texts with links that purport to be businesses I use (or, in some cases, government agencies I interact with) in order to lure me into divulging my personal information. So I need to scrutinize anything that comes in to make sure it's legit.
While this might sound scary, I need to weigh the trade-off between risk and reward. Generally, Velasquez urges me to make “thoughtful decisions” about the value of sharing my cell number. If 20% discounts at Old Navy (where I shop all the time) are going to create a significant savings for me, slightly elevating my risk is probably going to pay off. But if a random restaurant I don't dine at regularly wants to text me my receipt, I should probably just request a paper copy.
“Ultimately, you need to decide if the benefits — whether it’s points, loyalty rewards, faster checkout or discounts — are worth it,” Muthukrishnan says. “Ask yourself, does a gaming app you just downloaded really need your cell phone number? Probably not.”
The bottom line
I should carefully consider each vendor I give my phone number to, thinking about whether they’re trustworthy and whether the perks I’ll receive in return are truly worth the increased risk of identity theft. I need to be extra careful about messages I receive.
But Velasquez points out that while protecting my cell number is important, it’s not the only security-related step I need to take. Managing my passwords, signing up for multi-factor authentication and