Should I be concerned if I receive a spam email that contains the first 3 and last four digits of my phone number, with the middle 3 being replaced with X's?

vortexal@lemmy.ml to Asklemmy@lemmy.ml – 32 points –

I haven't opened the email, I'm just looking at the preview that gmail provides and it contains the name of my email with the first character missing and most of my phone number, like I stated in the title of my post. How concerned, if at all, should I be and is there anything I should be doing?

15

You are viewing a single comment

Considering how many data breaches have happened this year alone, I wouldn’t be very surprised if your phone number was leaked in one of them, along with your email address. Make sure you use unique passwords for all your online accounts (a password manager can help with this).

I've literally gotten spam emails that include a real password I've used in the past in the subject with some vaguely threatening message. Thanks to all these leaks, spammers are getting more targeted. Luckily I've been generating all my passwords for the last few years so I don't have to worry about specific passwords getting out as much anymore.

I do already use different passwords for every account that I have and I changed my Gmail password recently. Is there anything else I should be worried about?

You can use email aliases or even go as far as a phone alias as well.

Been using Mozilla relay for a while and the phone number option is nice to mask your real number for some things.

It does report as a VOIP number so some services can't use it.

The scariest threat in the event you're affected by the data breach is if someone has enough information to open credit in your name. There's a website you can look yourself up on. I have it in my pc I think, but not my phone. They have my name and ssn, but an old address that's not valid any more. Maybe someone can link it. I'll see if I can find it in the morning if no one does.

2FA is good to use when available.

That's mainly it. It could be the most likely threat is to email you scary things to try to get you to click on the wrong thing. Or calling you up with the classic threat that the sheriff is on his way to arrest you now over some outstanding debt. I know wtf I'm doing with security and I've still fallen for a phishing scheme (caught it before any harm was some, but still clicked the damn email). My wife fell for the sheriff thing—sucks when they do find a blemish on your credit to really sell you on they are a real debt collector.

That's the reason I don't open random emails and I never answer the phone unless I'm expecting a call/text from a specific number. I'm too paranoid about getting scammed/hacked. I'd be using 2FA if it wasn't for the fact that I'd have concerns about potentially loosing access to my accounts because the trusted device stops working or something.

Not worried necessarily. But as a suggestion, you could use different email addresses for different purposes. I use 1 address each for;

  1. Family
  2. Friends
  3. Banking & Financial Services
  4. Shopping
  5. Lists I'm subscribed to (not related to the above)
  6. Forums
  7. Social Media
  8. Junk And I use an email client to stay up to date with those accounts. That way when your Shopping email claims your bank has been hacked, you immediately know it's a scam because they are not connected.

While I don't have that many, I do already have multiple email addresses that I actively use. I also have them setup as a recovery emails for each other, so that way, if a hacker wants to take over one of my emails, they'd have to hack all of them.