Why do they need my phone?
One of the reasons is user identification. When activating a SIM card in Russia and some other countries of the world (for example, Germany, Poland, Spain), the buyer must show the seller an identity card. Subsequently, service owners may require a telephone number for identification. An example is wi-fi in Russian hotels and airports. You can't "just" connect to the Internet. You will have to indicate your mobile phone number, receive a special verification code for it and enter it on the service page.
Collecting all kinds of information about you online, linking to your identity, compiling a profile of you (for example, for marketing purposes or for the needs of law enforcement agencies) pose a threat to privacy and security.
The second common purpose for which they ask you for a phone number is to restore access to your account if you have forgotten your password. Click the button, a hyperlink will be sent via SMS, and you will regain control of your account. Sounds good, but there is a weak point: dependence on the mobile operator. He is able to reissue the SIM card, and the attacker will “recover” the password to your account.
Service owners often offer to indicate your phone number “to protect your account.” From a “security” point of view, this function, on the contrary, creates a vulnerability.
The third goal is service delivery. The owner of an online store asks for your phone number in order to send useful information. The airline reports a flight delay or gate change. The weather service reports the weather forecast. The medical center reminds you to visit the doctor. The social network sends an alarm if an unknown person tries to log into your account. Banks use SMS to confirm online payments and deliver information to customers about changes to their accounts (PUSH notifications are also used for this).
It seems that all of the above is of benefit to the client. But data is also collected for marketing purposes, or even simply for sending spam and annoying calls offering everything in the world. Phone numbers are requested everywhere: at the checkout in a store (“to issue a discount card”), when checking into a hotel, to obtain a visa, to make an appointment for tire fitting. To the question “why?” may answer “that’s the order” or “just in case.”
People are tired, used to it, want to quickly complete the registration procedure, and give them a phone without thinking about how it will be used. Moreover, they do not read the long, dryly written user agreement. Somewhere in the text of the agreement, information may be lost about what, in fact, the owner of the service intends to do with your phone number and under what conditions, as well as how to subsequently remove the phone number from the system. Personal data, including phone numbers, leaks every now and then.
In April 2021, DeviceLock announced that it had discovered more than a thousand open databases in the Russian segment of the Internet. In November 2021, Kommersant wrote about numerous personal files discovered by journalists on public computers in Moscow MFCs. Visitors in a hurry and carelessly left their electronic documents anywhere.
The phone number is also requested by the messenger, which needs the contacts of your smartphone. This messenger does not work any other way.
Fraudsters and social engineers are also interested in the number. A SIM card from a lost/stolen phone can be used to access finances and even withdraw money from a bank account. One phone number is not enough for this, so attackers use additional information they have collected.
Finally, to intercept SMS messages, you can use the vulnerability of the SS7 protocol (in Russia the name OKS-7 is also used), which was created in the 70s of the last century without “an eye on security.”
Technology | “Please indicate your number...”: why it’s better not to do this
Are you registering on a website or mobile application? You may be asked to provide a phone number. And they will even scare you with hackers and forgotten passwords. Digital security consultant Sergei Smirnov helps us understand what the risks are, who wants to get our phone numbers and why, and what can be done about it.
Why do they need my phone?
One of the reasons is user identification. When activating a SIM card in Russia and some other countries of the world (for example, Germany, Poland, Spain), the buyer must show the seller an identity card. Subsequently, service owners may require a telephone number for identification. An example is wi-fi in Russian hotels and airports. You can't "just" connect to the Internet. You will have to indicate your mobile phone number, receive a special verification code for it and enter it on the service page.
Russian lawmakers believe in identification using mobile phone numbers. According to their plan, even messenger users are required to confirm their identity in this way. Denial of the right to anonymity is typical of a 21st century society overloaded with phobias in the fight against terrorism and crime.
More on the topic: Where will your digital footprints lead?
Collecting all kinds of information about you online, linking to your identity, compiling a profile of you (for example, for marketing purposes or for the needs of law enforcement agencies) pose a threat to privacy and security.
In authoritarian countries, lack of anonymity means problems with access to information. Freedom of speech is under attack: a blogger cannot write about human rights violations under his real name without fear of reprisals.
The second common purpose for which they ask you for a phone number is to restore access to your account if you have forgotten your password. Click the button, a hyperlink will be sent via SMS, and you will regain control of your account. Sounds good, but there is a weak point: dependence on the mobile operator. He is able to reissue the SIM card, and the attacker will “recover” the password to your account.
Service owners often offer to indicate your phone number “to protect your account.” From a “security” point of view, this function, on the contrary, creates a vulnerability.
The third goal is service delivery. The owner of an online store asks for your phone number in order to send useful information. The airline reports a flight delay or gate change. The weather service reports the weather forecast. The medical center reminds you to visit the doctor. The social network sends an alarm if an unknown person tries to log into your account. Banks use SMS to confirm online payments and deliver information to customers about changes to their accounts (PUSH notifications are also used for this).
It seems that all of the above is of benefit to the client. But data is also collected for marketing purposes, or even simply for sending spam and annoying calls offering everything in the world. Phone numbers are requested everywhere: at the checkout in a store (“to issue a discount card”), when checking into a hotel, to obtain a visa, to make an appointment for tire fitting. To the question “why?” may answer “that’s the order” or “just in case.”
People are tired, used to it, want to quickly complete the registration procedure, and give them a phone without thinking about how it will be used. Moreover, they do not read the long, dryly written user agreement. Somewhere in the text of the agreement, information may be lost about what, in fact, the owner of the service intends to do with your phone number and under what conditions, as well as how to subsequently remove the phone number from the system. Personal data, including phone numbers, leaks every now and then.
More on the topic: I want to protect correspondence in the messenger. What to do?
In April 2021, DeviceLock announced that it had discovered more than a thousand open databases in the Russian segment of the Internet. In November 2021, Kommersant wrote about numerous personal files discovered by journalists on public computers in Moscow MFCs. Visitors in a hurry and carelessly left their electronic documents anywhere.
The phone number is also requested by the messenger, which needs the contacts of your smartphone. This messenger does not work any other way.
Fraudsters and social engineers are also interested in the number. A SIM card from a lost/stolen phone can be used to access finances and even withdraw money from a bank account. One phone number is not enough for this, so attackers use additional information they have collected.
Finally, to intercept SMS messages, you can use the vulnerability of the SS7 protocol (in Russia the name OKS-7 is also used), which was created in the 70s of the last century without “an eye on security.”
Maybe it's better not to provide a phone number at all?
Let's look at some examples.
Mail.ru and Yandex request a phone number directly on the registration page. You can select the link “I don’t have a mobile phone” (it would be more honest to write “I don’t want to indicate a mobile phone”). This link changes the request for a phone number to a request for an email address (Mail.ru, it is not necessary to specify an email) or a choice of answer to a security question (Yandex).
So, you can avoid specifying a mobile phone number when registering a new address, but this path is not obvious. If you have indicated a number before, it is easy to delete it in the service settings (enter the code that the service will send to your phone via SMS). To enable two-factor authentication in Mail.ru and Yandex, you need a mobile phone number. And while two-factor authentication is enabled, you cannot remove this number from your account settings (even if you use a mobile application and not SMS to generate codes).
A mobile phone number will also be required to register a Google account (and Gmail). Then you can delete it in the service settings. It is not necessary to specify a number to connect and use two-factor authentication. However, Google keeps asking you to enter your phone number “for your safety.”
The Swiss service Proton Mail and the German Tutanota, which pay special attention to the privacy and confidentiality of users, do not ask for a phone number either for registration or for two-factor authentication.
Social media
VKontakte allows you to register only with a phone number. You cannot delete it in the settings, you can only replace it with another number. Two-factor authentication methods include SMS, and there is no option to disable this option.
Facebook also requires a number upon registration, but allows you to delete it later in the settings. Two-factor authentication can be enabled and used without a mobile number.
Twitter allows you to choose whether you want to register with a phone number or an email address. Unfortunately, using different email addresses and different IP addresses, I have never been able to register a new account with just an email address. Twitter consistently reported “suspicious activity,” blocked the registration process, and required phone number verification. After registering, you can remove the number from the settings, but only theoretically: after performing this operation, Twitter immediately blocked the account and required you to specify the phone number again. Twitter agreed to enable two-factor authentication only via SMS.
Instagram registers without a phone number (you need an email address). Two-factor authentication can also be enabled and used without SMS.
Messengers
In some popular instant messengers, linking to a phone is an integral part. This group includes WhatsApp, Telegram, Viber and even Signal, which security experts often recommend as more secure than its competitors.
Facebook users can communicate using Facebook Messenger, and although a phone number is required when registering for a Facebook account, you can later delete it and use Facebook Messenger without this connection.
To use Skype, you need a Microsoft account, but you don't have to provide a phone number there.
Lesser-known products that do not require linking to a mobile phone number include Wire and Briar instant messengers. The latter is also decentralized (does not depend on a single server) and, like its well-known “colleague” Firechat, supports the possibility of communication between users without the Internet (using wi-fi and Bluetooth technologies), albeit over short distances. For now, however, Briar has a relatively small audience and no iOS version.
What can you do to be safe?
- If possible, do not register where they require a phone number. Do not indicate the number unless there is a special need.
- Check the settings of already used services. If there is a number there and it can be removed without affecting the functionality of the service, perhaps this should be done.
- Avoid “password recovery” schemes over the phone. It is better to spend a little time creating strong passwords, save them in a secure password manager database, and periodically make backup copies of both this database and the protected data themselves.
- Enable two-factor authentication in your account settings. It is better if the second factor is not SMS, but, for example, a one-time code from a mobile application. Google Authenticator or Authy will work.
- Take care of your mobile device: remove unnecessary applications, regularly clean data (SMS messages, call history, correspondence in instant messengers), make sure that device encryption is enabled, and if someone has not yet enabled it, set a login password right now.
- Set up service notifications so that you are aware of any unauthorized login attempt.
You can resort to other, more rare recipes, for example, using a SIM card from a foreign operator (in some countries you can still buy a SIM card without presenting a document). True, you will have to maintain this number in working order - monitor the balance and replenish your account on time.
If you have to provide a mobile phone number, be aware of the risks associated with this fact. It may be best not to transmit redundant information using this service. If you are unlucky and you have lost your smartphone (or it was stolen, or confiscated), it makes sense to immediately block your SIM card from your mobile operator.
All safety rules are individual. Some of these recommendations may not suit you, but something else may work effectively for you. Share with us in the comments.
Mail.ru and Yandex request a phone number directly on the registration page. You can select the link “I don’t have a mobile phone” (it would be more honest to write “I don’t want to indicate a mobile phone”). This link changes the request for a phone number to a request for an email address (Mail.ru, it is not necessary to specify an email) or a choice of answer to a security question (Yandex).
So, you can avoid specifying a mobile phone number when registering a new address, but this path is not obvious. If you have indicated a number before, it is easy to delete it in the service settings (enter the code that the service will send to your phone via SMS). To enable two-factor authentication in Mail.ru and Yandex, you need a mobile phone number. And while two-factor authentication is enabled, you cannot remove this number from your account settings (even if you use a mobile application and not SMS to generate codes).
A mobile phone number will also be required to register a Google account (and Gmail). Then you can delete it in the service settings. It is not necessary to specify a number to connect and use two-factor authentication. However, Google keeps asking you to enter your phone number “for your safety.”
The Swiss service Proton Mail and the German Tutanota, which pay special attention to the privacy and confidentiality of users, do not ask for a phone number either for registration or for two-factor authentication.
Ways to cheat on VKontakte and how to punish scammers
› › › In the modern world, it is unlikely that you will be able to find a person who does not have and has never had an account on the Internet. Social networks have long become a common way to communicate, find friends, establish useful contacts and business correspondence. Unfortunately, as their role in our lives increases, so does the number for which our favorite means of online communications become a platform for financial and other frauds. In the article we will consider the most popular social network in Russia - “VKontakte” and We’ll figure out what to do to avoid becoming a victim of scammers and how to complain about a scammer in your contact if you are already unlucky and your page has been hacked.
First, let's understand the existing types of fraud on social networks. One of the most common methods of deception. Very sad, but they exist
Social media
VKontakte allows you to register only with a phone number. You cannot delete it in the settings, you can only replace it with another number. Two-factor authentication methods include SMS, and there is no option to disable this option.
Facebook also requires a number upon registration, but allows you to delete it later in the settings. Two-factor authentication can be enabled and used without a mobile number.
Twitter allows you to choose whether you want to register with a phone number or an email address. Unfortunately, using different email addresses and different IP addresses, I have never been able to register a new account with just an email address. Twitter consistently reported “suspicious activity,” blocked the registration process, and required phone number verification. After registering, you can remove the number from the settings, but only theoretically: after performing this operation, Twitter immediately blocked the account and required you to specify the phone number again. Twitter agreed to enable two-factor authentication only via SMS.
Instagram registers without a phone number (you need an email address). Two-factor authentication can also be enabled and used without SMS.
How to report a scammer on VKontakte to block a group
» In the era of modern technology and social networks, no one will be surprised by such a manifestation of the criminal world in cyberspace as VKontakte fraud.
Not every user who has fallen victim to scammers knows what to do in this case and how to protect themselves in the future.
The best defense is to prevent the situation. Only attentiveness, prudence and common sense can help you avoid falling for the bait of dodgers and save money and nerves. The damage from illegal actions consists not only in the fraudulent withdrawal of funds from the owners of accounts on social networks, but also in harming the reputation and good name.
The purpose of any fraud is personal enrichment. The Internet, due to its anonymity and inclusiveness, attracts all kinds of swindlers, allowing them to deceive a large number of people in a short time and at the same time successfully avoid criminal prosecution for a long time.
VKontakte fraud - what to do when faced with it, everyone decides for themselves.
How to protect yourself from scammers on VKontakte - scams on VK, sample complaints
Fraudsters work regularly on VKontakte.
It is difficult for an ordinary user to protect himself from the influence of experienced scammers. To avoid being deceived, you need to know the signs of fraud and the methods of deceivers. Every user should be wary when a resource requires you to enter a phone number or bank card information.
The instructions allow you to recognize the deceiver and not fall for his bait. If this has already happened, then every user should know how to punish the criminal and return the money. VKontakte fraud appeared almost with the formation of this social resource.
Scammers have learned to cleverly scam users. Most often this happens when joining a group. If an unknown person tries to get money out of money by deception, then it will be very difficult to return it and then punish the criminal.
To do this, you will have to contact the competent authorities and write a statement. Signs of fraud: New
Messengers
In some popular instant messengers, linking to a phone is an integral part. This group includes WhatsApp, Telegram, Viber and even Signal, which security experts often recommend as more secure than its competitors.
Facebook users can communicate using Facebook Messenger, and although a phone number is required when registering for a Facebook account, you can later delete it and use Facebook Messenger without this connection.
To use Skype, you need a Microsoft account, but you don't have to provide a phone number there.
Lesser-known products that do not require linking to a mobile phone number include Wire and Briar instant messengers. The latter is also decentralized (does not depend on a single server) and, like its well-known “colleague” Firechat, supports the possibility of communication between users without the Internet (using wi-fi and Bluetooth technologies), albeit over short distances. For now, however, Briar has a relatively small audience and no iOS version.
How social media is hacked networks?
Safety theory!
| The eternal question is how social media is hacked. networks? Asked by everyone who has lost access to their data or pages on the Internet at least once. Such an unfortunate situation can affect anyone, and my task in this article is to open the curtain on the information and methods by which scammers hack most of the resources on the Internet.
I will tell you all this so that you know where to expect the “blow” and how to prevent data loss. So, if you are reading this article, then you have expressed a desire to learn once and for all about hacking methods, you have become interested in how your page on a social network was taken away or why you can no longer log into your mail. But in fact, everything is simple, in most cases the user himself allows the hacker to obtain all the necessary data for hacking.
But first things first, as before, I will present you with a brief summary, and you either read the section you are interested in or carefully go through all of them.
