Keep Your Mobile Number Secret on the Internet

Mayur Kulkarni

Symantec has always recommended that personal information, especially financial information such as Social Security numbers, credit card numbers, and of course your email address, not be revealed anywhere on the Internet. Many security experts also believe that disclosing an IP address to an unknown person on the Internet is equally dangerous. We now also need to be cautious about divulging our mobile numbers or dates of birth, because these pieces of information are equally important and are considered part of your identity by financial institutions.

We are monitoring a new wave of phishing attacks that is attempting to extract information such as the mobile numbers and/or dates of birth of recipients by using false alerts:  

[Screenshot: fake alert email]

A couple of the Subject lines of these alerts are:

TEXT MESSAGE ALERT
MOBILE TEXT MESSAGE ALERT

As shown above, these fake email alerts ask users to log in and update their mobile phone number. When users click on the link, they are redirected to a phishing site, where they are asked to enter their phone number and date of birth. This information is critical because banks normally use it to authenticate customers, for example in telephone banking.
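A mailbox triage check for the lure described above, as an added example that is not part of the original post. It matches the two subject lines quoted here; the body patterns, function names and sample messages are constructed assumptions about how the request is worded.

```python
import email
import re
from email import policy

# Subject lines quoted in the post.
ALERT_SUBJECTS = {"TEXT MESSAGE ALERT", "MOBILE TEXT MESSAGE ALERT"}
# Assumed wording for the request the post describes (mobile number, date of birth).
ASK_PATTERNS = [re.compile(p, re.I) for p in (
    r"\b(mobile|cell|phone)\s+(phone\s+)?number\b",
    r"\bdate\s+of\s+birth\b",
)]
URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.I)
REPLY_PREFIX = re.compile(r"^\s*((re|fw|fwd)\s*:\s*)+", re.I)

def normalize_subject(subject):
    """Strip Re:/Fwd: prefixes, collapse whitespace, upper-case for comparison."""
    subject = REPLY_PREFIX.sub("", subject or "")
    return " ".join(subject.split()).upper()

def body_text(msg):
    """Concatenate every text/* part (plain and HTML) of the message."""
    parts = msg.walk() if msg.is_multipart() else [msg]
    return "\n".join(p.get_content() for p in parts
                     if p.get_content_maintype() == "text")

def triage(raw_message):
    """Return the indicators found in one raw RFC 5322 message."""
    msg = email.message_from_string(raw_message, policy=policy.default)
    text = body_text(msg)
    return {
        "alert_subject": normalize_subject(msg["Subject"]) in ALERT_SUBJECTS,
        "asks_for_identity_data": any(p.search(text) for p in ASK_PATTERNS),
        "links": URL_RE.findall(text),
    }

def verdict(raw_message):
    """'high' = alert subject + data request + link; 'review' = link plus one of them."""
    r = triage(raw_message)
    hits = r["alert_subject"] + r["asks_for_identity_data"]
    if not r["links"] or hits == 0:
        return "none"
    return "high" if hits == 2 else "review"

# Constructed sample messages (not taken from the campaign).
SAMPLE_PHISH = ("From: alerts@bank.example\nSubject: Re: Mobile Text  Message Alert\n"
                "Content-Type: text/plain; charset=utf-8\n\n"
                "Please log in and update your mobile phone number and date of birth:\n"
                "http://login.bank.example.invalid/update\n")
SAMPLE_BENIGN = ("From: colleague@corp.example\nSubject: Lunch on Friday\n"
                 "Content-Type: text/plain; charset=utf-8\n\nSee you at noon.\n")
```

A "review" result is a prompt for an analyst to look at the message, not proof of phishing, since legitimate mail can also mention phone numbers next to a link.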

Another possible side effect of mobile number disclosure to unknown entities is that users may also be exposed to SMS spam. With text messaging popularity on the rise with consumer and business users alike, Internet scammers see a perfect chance to utilize this attack vector. Moneymaking spam, 419 messages, and weight loss products are actively pushed out through unsolicited SMS messages:

[Screenshots: examples of unsolicited SMS messages]

Symantec advises users to keep their mobile numbers confidential on the Internet. Be very wary of potentially false alerts and scams, particularly because financial institutions do not ask customers to verify or correct critical information through emails and SMS.