What Security Steps Should Be Taken Before Dropping a Mobile Number?

What Security Steps Should Be Taken Before Dropping a Mobile Number?

There are approximately 32.47 million mobile phone subscriptions in Australia, more than the total population, which is 25.69 million. This is of course because many organisations will have several subscriptions for their staff to use, meaning some people have both a personal and work mobile device.

We’ve become more reliant on our mobile devices over time, and many people will pick up their smartphones to check email instead of checking it on a computer.

Mobile numbers are also connected to multiple cloud accounts and websites as the point of contact for multi-factor authentication, password resets, and account access.

When you change a personal or business mobile number, basically turning the number back into the carrier to recycle, you could be putting yourself at risk. If that number isn’t disconnected from all your online accounts or SaaS tools, it could mean a criminal with your old mobile number could easily breach many of those accounts.

A study by Princeton University in the U.S. looked at 259 mobile numbers that major phone carriers (T-Mobile & Verizon) were showing as available. After researching those phone numbers online, researchers found that 171 of them (66%) were still connected to online accounts on popular sites like Amazon and PayPal.

This left the former owners of those numbers susceptible to an account hijacking by password recovery or mobile authentication without a password reset being needed.

Further, researchers used sites like BeenVerified.com to input the numbers and found personally identifiable information (PII) on the numbers’ former owners. This is exactly what a criminal can do, and then use that information for phishing or identity theft. 

Graph from the Princeton University report on recycled mobile numbers.

What to Do Before You Turn Over Your Mobile Number to the Carrier

Change the Number for All Business Cloud Apps

You should start with your business applications. A criminal can do a lot of damage if they are able to compromise a business tool like Microsoft 365 or Google Workspace, including having access to all your sensitive business data and your company email accounts.

Go through all business applications that may be connected to that number and ensure the number is updated. 

Change the Number for All Personal Cloud Apps

Next, you’ll want to do the same with any personal cloud apps (exercise apps, meditation apps, health apps, etc.) and ensure that your new mobile number is attached to each account instead of the old one.

Update Financial Sites: Online Banking, PayPal, etc.

The most critical online accounts you have are online banking or other payment storage accounts. Make sure you update your banking account information with your new number, as well as any other monetary accounts like a stock trading account, PayPal account, cryptocurrency account, etc.

Update the Number for Any Online Retail Sites

Shipping notifications and receipts are often sent by SMS these days. So, if an unscrupulous person happens to have possession of your old mobile number, they could be receiving shopping-related texts that could allow them to gain access to your account and any stored payment methods.

Go through any work and personal online retail sites that you may have used since having that number and ensure your contact is updated.

Look for Other Online Accounts (Travel Sites, Industry Sites, etc.)

Go through the next level of accounts, which may not be quite as critical, but still hold your personal information in the account owner section.

Change your number on any accounts for industry websites, travel websites, news sites, etc. 

Test Your Multi-Factor Authentication Prompts

For any of the above accounts that have multi-factor authentication (MFA) in use, make sure to test this after you’ve changed your number.

Some cloud tools might have glitches in how or when their systems update contact information for MFA, so you want to test this to ensure a stranger with your old number isn’t going to be receiving your account login codes.

Update Your Number With Local Service Providers

Don’t forget offline providers that may still send you text messages or use your mobile number to contact you about critical services.

This includes firms such as your IT provider, HVAC provider, pharmacies, medical offices, etc.

In the Princeton study, the researchers interviewed one owner of a new mobile number that was receiving the blood test results for the phone’s former owner via SMS because that person hadn’t updated their contact with their medical provider. 

Review the Old Number’s Text Messages to Find Other Accounts to Update

Go through the SMS history of the old mobile number to find any other accounts that send text messages that you may have missed.

You’ll also want to update friends, family, colleagues, group text members, etc. as to the new number. But it’s best to do this from the new number instead of the old one. That way you can include in your text to save this new number as your contact and to delete any old text threads, so they aren’t accidentally reused.

Get Help With Company Mobile Security & Management

Connected Platforms can help your Brisbane area business get a handle on mobile security, including putting an offboarding process in place to disconnect numbers from your accounts before they’re recycled. 

Contact us for a free consultation. Call 1300 866 096 or book a coffee meeting online.

More blog posts

How to create secure passwords

How to create secure passwords

Weak passwords are one of the biggest security risks to your business.
Why?
Because cyber criminals are getting smarter than ever before. If they manage to crack just one password, they could gain access to your sensitive business data, financial information, or even gain control of your entire system.
Cyber criminals use automated tools to guess passwords, allowing them to try out millions of combinations in seconds. So, if you’re using something like “Password123” or “CompanyName2025”, you’re practically handing them the keys to your business.
A compromised password can lead to big issues, such as:
• Data breaches
• Financial losses
• Identity theft
• Reputation damage
But how do you create strong passwords without driving yourself (and your team) mad?
Think of your password like a secret recipe, where only you should know the ingredients. It should:
• Be at least 14 characters long (the longer, the better)
• Include a mix of uppercase and lowercase letters
• Contain a few numbers and symbols (like @, $, %, or &)
• Not contain any common words or easily guessable information (like birthdays, names, or the word “password”)
Instead of using a single word, you could try a passphrase – a short, random sentence that only you would understand. For example, instead of “Sailing2025”, try something like “Coffee&CloudsAreGreat9!”. This is much harder to crack, yet still easy to remember.
You should also steer clear of these common mistakes:
• Using personal info (your name, birthday, business name, etc.)
• Reusing the same passwords across multiple accounts
• Using simple sequences (“123456” or “abcdef”)
• Storing passwords in an easily accessible place (like a sticky note on your desk)
If remembering unique passwords for every account sounds impossible, there is another option: Password managers. These generate strong passwords, store them securely and autofill them for you.
With a password manager, you only need to remember one strong master password for the manager app itself. The rest are encrypted and stored safely, reducing the risk of data breaches.
Even the strongest password isn’t foolproof, which is why multi-factor authentication (MFA) is also important. MFA requires a second form of verification, like a one-time code sent to your phone or generated from an authentication app.
If you have employees accessing your business systems, it’s a good idea to have a password policy in place to explain your rules and why they’re important. This should include:
• Unique passwords for each system and account
• Regular security training on password best practices
• Business-wide use of MFA for critical systems
• Scanning for compromised passwords regularly
By making password security a priority, you can reduce the chances of a cyber attack creating a nightmare for your business.
And if you need help making your business more secure, get in touch.

Beware these common ‘malvertising’ attacks

Beware these common ‘malvertising’ attacks

Ever clicked an online ad and wondered afterwards if it was a scam?… most of us have – and cyber criminals want us to keep doing it. Here’s what to look out for to stop your business’s data (and profits) falling into the wrong hands…

Call Now Button