Should I be concerned if I receive a spam email that contains the first 3 and last four digits of my phone number, with the middle 3 being replaced with X's?
Should I be concerned if I receive a spam email that contains the first 3 and last four digits of my phone number, with the middle 3 being replaced with X's?
I haven't opened the email, I'm just looking at the preview that gmail provides and it contains the name of my email with the first character missing and most of my phone number, like I stated in the title of my post. How concerned, if at all, should I be and is there anything I should be doing?
Considering how many data breaches have happened this year alone, I wouldn’t be very surprised if your phone number was leaked in one of them, along with your email address. Make sure you use unique passwords for all your online accounts (a password manager can help with this).
I've literally gotten spam emails that include a real password I've used in the past in the subject with some vaguely threatening message. Thanks to all these leaks, spammers are getting more targeted. Luckily I've been generating all my passwords for the last few years so I don't have to worry about specific passwords getting out as much anymore.
I do already use different passwords for every account that I have and I changed my Gmail password recently. Is there anything else I should be worried about?
You can use email aliases or even go as far as a phone alias as well.
Been using Mozilla relay for a while and the phone number option is nice to mask your real number for some things.
It does report as a VOIP number so some services can't use it.
The scariest threat in the event you're affected by the data breach is if someone has enough information to open credit in your name. There's a website you can look yourself up on. I have it in my pc I think, but not my phone. They have my name and ssn, but an old address that's not valid any more. Maybe someone can link it. I'll see if I can find it in the morning if no one does.
2FA is good to use when available.
That's mainly it. It could be the most likely threat is to email you scary things to try to get you to click on the wrong thing. Or calling you up with the classic threat that the sheriff is on his way to arrest you now over some outstanding debt. I know wtf I'm doing with security and I've still fallen for a phishing scheme (caught it before any harm was some, but still clicked the damn email). My wife fell for the sheriff thing—sucks when they do find a blemish on your credit to really sell you on they are a real debt collector.
Not worried necessarily. But as a suggestion, you could use different email addresses for different purposes. I use 1 address each for;
- Family
- Friends
- Banking & Financial Services
- Shopping
- Lists I'm subscribed to (not related to the above)
- Forums
- Social Media
- Junk And I use an email client to stay up to date with those accounts. That way when your Shopping email claims your bank has been hacked, you immediately know it's a scam because they are not connected.
There are plenty of companies that will sell your name, email addresses, phone numbers, street addresses, marital status, and relative's names. They obtain the information from publicly sold databases. I had access to one that had all that, plus the registration info for the car I drive, my estimated income, my military record, my driving record, my political party preference, and pictures of my home that had been on the realtor's website.
The scary one was when a phone center employee in the Philippines stole my wife's debit card number and then did two big Western Union MoneyGram transfers to a couple of Filipino men. That means bad actors have access to the credit companies' databases from which Western Union draws their proof of identity questions, like who holds your mortgage, where you lived when you were 10, and the make/model of your first vehicle.
If you're well-off enough to be a financial fraud target, paying a company for identity theft protection is probably well worth it. Put fraud alerts in with all the major credit bureaus too. That usually stops identity thieves from accessing your credit. If you use 2FA with your phone, make sure your telecom provider will not transfer your number to a new device without in-person authorization and authentication.
Use a 2FA app, not SMS. SIM swaps are easy to do to take over your accounts and change your passwords. An app on your phone renders this useless.
I once received an email with one of my passwords in it. It's spooky when they get your info and reach out!
Well that's nice of them, now you can easily just change that password which of course you only use for one account.
tip: use haveibeenpwned to see where your passwords have gotten leaked.
Was it a password reset email?
It was a pw that was from a breach. Like most people I used to use the same pw for everything. Now I use bitwarden and love it