Should I be concerned if I receive a spam email that contains the first 3 and last four digits of my phone number, with the middle 3 being replaced with X's?

rmtworks , 12 hours ago

Considering how many data breaches have happened this year alone, I wouldn’t be very surprised if your phone number was leaked in one of them, along with your email address. Make sure you use unique passwords for all your online accounts (a password manager can help with this).

vortexal OP , 12 hours ago

I do already use different passwords for every account that I have and I changed my Gmail password recently. Is there anything else I should be worried about?

scottmeme , 11 hours ago

You can use email aliases or even go as far as a phone alias as well.

Been using Mozilla relay for a while and the phone number option is nice to mask your real number for some things.

It does report as a VOIP number so some services can’t use it.

MagicShel , 11 hours ago

The scariest threat in the event you’re affected by the data breach is if someone has enough information to open credit in your name. There’s a website you can look yourself up on. I have it in my pc I think, but not my phone. They have my name and ssn, but an old address that’s not valid any more. Maybe someone can link it. I’ll see if I can find it in the morning if no one does.

2FA is good to use when available.

That’s mainly it. It could be the most likely threat is to email you scary things to try to get you to click on the wrong thing. Or calling you up with the classic threat that the sheriff is on his way to arrest you now over some outstanding debt. I know wtf I’m doing with security and I’ve still fallen for a phishing scheme (caught it before any harm was some, but still clicked the damn email). My wife fell for the sheriff thing—sucks when they do find a blemish on your credit to really sell you on they are a real debt collector.

vortexal OP , 11 hours ago

That’s the reason I don’t open random emails and I never answer the phone unless I’m expecting a call/text from a specific number. I’m too paranoid about getting scammed/hacked. I’d be using 2FA if it wasn’t for the fact that I’d have concerns about potentially loosing access to my accounts because the trusted device stops working or something.

Zier , 6 hours ago

Not worried necessarily. But as a suggestion, you could use different email addresses for different purposes. I use 1 address each for;

1. Family
2. Friends
3. Banking & Financial Services
4. Shopping
5. Lists I'm subscribed to (not related to the above)
6. Forums
7. Social Media
8. Junk
   And I use an email client to stay up to date with those accounts. That way when your Shopping email claims your bank has been hacked, you immediately know it's a scam because they are not connected.

MeatsOfRage , 10 hours ago

I’ve literally gotten spam emails that include a real password I’ve used in the past in the subject with some vaguely threatening message. Thanks to all these leaks, spammers are getting more targeted. Luckily I’ve been generating all my passwords for the last few years so I don’t have to worry about specific passwords getting out as much anymore.

lemmefixdat4u , 8 hours ago

There are plenty of companies that will sell your name, email addresses, phone numbers, street addresses, marital status, and relative’s names. They obtain the information from publicly sold databases. I had access to one that had all that, plus the registration info for the car I drive, my estimated income, my military record, my driving record, my political party preference, and pictures of my home that had been on the realtor’s website.

The scary one was when a phone center employee in the Philippines stole my wife’s debit card number and then did two big Western Union MoneyGram transfers to a couple of Filipino men. That means bad actors have access to the credit companies’ databases from which Western Union draws their proof of identity questions, like who holds your mortgage, where you lived when you were 10, and the make/model of your first vehicle.

If you’re well-off enough to be a financial fraud target, paying a company for identity theft protection is probably well worth it. Put fraud alerts in with all the major credit bureaus too. That usually stops identity thieves from accessing your credit. If you use 2FA with your phone, make sure your telecom provider will not transfer your number to a new device without in-person authorization and authentication.

tyrant , 10 hours ago

I once received an email with one of my passwords in it. It’s spooky when they get your info and reach out!

Greg , 7 hours ago

Was it a password reset email?

tyrant , 2 hours ago

It was a pw that was from a breach. Like most people I used to use the same pw for everything. Now I use bitwarden and love it

Ghoelian , 6 hours ago

Well that’s nice of them, now you can easily just change that password which of course you only use for one account.

CaptainBasculin , 5 hours ago

tip: use haveibeenpwned to see where your passwords have gotten leaked.