There are approximately 32.47 million mobile phone subscriptions in Australia, more than the total population, which is 25.69 million. This is of course because many organisations will have several subscriptions for their staff to use, meaning some people have both a personal and work mobile device.
We’ve become more reliant on our mobile devices over time, and many people will pick up their smartphones to check email instead of checking it on a computer.
Mobile numbers are also connected to multiple cloud accounts and websites as the point of contact for multi-factor authentication, password resets, and account access.
When you change a personal or business mobile number, basically turning the number back into the carrier to recycle, you could be putting yourself at risk. If that number isn’t disconnected from all your online accounts or SaaS tools, it could mean a criminal with your old mobile number could easily breach many of those accounts.
A study by Princeton University in the U.S. looked at 259 mobile numbers that major phone carriers (T-Mobile & Verizon) were showing as available. After researching those phone numbers online, researchers found that 171 of them (66%) were still connected to online accounts on popular sites like Amazon and PayPal.
This left the former owners of those numbers susceptible to an account hijacking by password recovery or mobile authentication without a password reset being needed.
Further, researchers used sites like BeenVerified.com to input the numbers and found personally identifiable information (PII) on the numbers’ former owners. This is exactly what a criminal can do, and then use that information for phishing or identity theft.
Graph from the Princeton University report on recycled mobile numbers.
What to Do Before You Turn Over Your Mobile Number to the Carrier
Change the Number for All Business Cloud Apps
You should start with your business applications. A criminal can do a lot of damage if they are able to compromise a business tool like Microsoft 365 or Google Workspace, including having access to all your sensitive business data and your company email accounts.
Go through all business applications that may be connected to that number and ensure the number is updated.
Change the Number for All Personal Cloud Apps
Next, you’ll want to do the same with any personal cloud apps (exercise apps, meditation apps, health apps, etc.) and ensure that your new mobile number is attached to each account instead of the old one.
Update Financial Sites: Online Banking, PayPal, etc.
The most critical online accounts you have are online banking or other payment storage accounts. Make sure you update your banking account information with your new number, as well as any other monetary accounts like a stock trading account, PayPal account, cryptocurrency account, etc.
Update the Number for Any Online Retail Sites
Shipping notifications and receipts are often sent by SMS these days. So, if an unscrupulous person happens to have possession of your old mobile number, they could be receiving shopping-related texts that could allow them to gain access to your account and any stored payment methods.
Go through any work and personal online retail sites that you may have used since having that number and ensure your contact is updated.
Look for Other Online Accounts (Travel Sites, Industry Sites, etc.)
Go through the next level of accounts, which may not be quite as critical, but still hold your personal information in the account owner section.
Change your number on any accounts for industry websites, travel websites, news sites, etc.
Test Your Multi-Factor Authentication Prompts
For any of the above accounts that have multi-factor authentication (MFA) in use, make sure to test this after you’ve changed your number.
Some cloud tools might have glitches in how or when their systems update contact information for MFA, so you want to test this to ensure a stranger with your old number isn’t going to be receiving your account login codes.
Update Your Number With Local Service Providers
Don’t forget offline providers that may still send you text messages or use your mobile number to contact you about critical services.
This includes firms such as your IT provider, HVAC provider, pharmacies, medical offices, etc.
In the Princeton study, the researchers interviewed one owner of a new mobile number that was receiving the blood test results for the phone’s former owner via SMS because that person hadn’t updated their contact with their medical provider.
Review the Old Number’s Text Messages to Find Other Accounts to Update
Go through the SMS history of the old mobile number to find any other accounts that send text messages that you may have missed.
You’ll also want to update friends, family, colleagues, group text members, etc. as to the new number. But it’s best to do this from the new number instead of the old one. That way you can include in your text to save this new number as your contact and to delete any old text threads, so they aren’t accidentally reused.
Get Help With Company Mobile Security & Management
Connected Platforms can help your Brisbane area business get a handle on mobile security, including putting an offboarding process in place to disconnect numbers from your accounts before they’re recycled.
Contact us for a free consultation. Call 1300 866 096 or book a coffee meeting online.
