Portal U de A

By: Andrea Carolina Vargas Malagón, journalist at the UdeA Communications Department 

Cell phone numbers have become such a common piece of information that people submit them on forms, leave them on social media, or give them away in stores in exchange for discounts without stopping to consider that they are putting one of the most valuable and vulnerable elements of online identity at stake. At the Alma Mater newspaper, we spoke with UdeA experts about the central role this information plays in today's digital ecosystem, the risks involved in openly sharing it, and recommendations for protecting it. 

This content comes from Alma Mater newspaper. » View PDF editions

In Colombia, Act 1273 of 2009 protects personal information and data—such as cell phone numbers—and penalizes cybercrimes. Photo: Freepik  
 
Cell phone numbers have long ceased to be just a channel for making and receiving calls. Today, they operate as key authentication tools: They are linked to email, social media, streaming platforms, and even financial services. Most platforms use them as a verification method through SMS codes or automated calls, which turns them into access credentials. 
  
The rise of virtual banking and online shopping, along with the proliferation of mobile apps, has made cell phone numbers an almost unavoidable requirement for accessing everyday services. Provided automatically and inadvertently, they have gone from being a simple contact channel to a master key to digital identity, which also makes them an attractive target for criminals. 
  
"Cell phone numbers have become a unique identifier, a link to everything we are online. It's sensitive personal data, comparable to an ID number. However, there's still a misconception that it's harmless," explained Katerine Márceles Villalba, a master's student in computer security and a professor at the UdeA Faculty of Engineering. 

According to the Digital 2025 Global Overview Report, 70% of the world's population uses a mobile phone, which translates to more than 5,000 million cell phone numbers linked to multiple platforms and applications as the key to accessing information for thousands of people and institutions. 

While it may seem more convenient to simplify access and navigation through a single piece of information, that same reach becomes a vulnerability, as leaked cell phone numbers can jeopardize financial and personal security, as well as the privacy of both individuals and organizations with which they have some kind of connection. 

Risks beyond spam 

The consequences range from annoying spam calls to identity theft or bank account compromise. Understanding these risks allows you to make informed decisions about when and where to share your cell phone number to protect it and safeguard your digital presence. 

According to Márceles Villalba, identity theft is one of the most common risks. Although a cell phone number alone is not enough for a criminal to commit this crime, it does become an access key. When linked to multiple online services, it can be used as an entry point to reset passwords, receive verification codes, or even be combined with data obtained through leaks and social engineering scams. Identity theft occurs when an attacker impersonates a victim to access their accounts, open new ones in their name, or carry out financial transactions. 

According to a report by TransUnion —a global credit data management company—nearly 30% of digital scams in the country are committed through telephone fraud tactics. 

"Added to this is SIM swapping, an attack in which cybercriminals convince the telephone operator to transfer the number to a new SIM card. This allows them to divert calls and messages and thus intercept two-factor authentication codes and access sensitive accounts such as email, online banking, or social media," explained Márceles Villalba.  

The potential for financial losses from this cybercrime is considerable. It can range from unauthorized transactions and credit applications to purchases in the victim's name. For professionals or high-profile individuals, the risk escalates to targeted attacks or even corporate espionage.  
"We have to stop giving out our cell phone numbers without considering the risks. This lack of awareness and cybersecurity culture exposes us to numerous frauds and identity theft." We must understand that the telephone number identifies us, so it must be protected with the same care as we protect our ID number," said Professor Márceles Villalba. 

Protecting your number is protecting your identity 

One of the most common sources of cell phone number leaks is the excessive amount of information shared on social media. According to Márceles Villalba, this increases the likelihood that third parties will misuse it. "The less visible this information is in public spaces, the lower the risk of fraud or identity theft," she stated.  

However, cell phone numbers can also be leaked through other, often overlooked, means: public directories and records, business cards, or even family and friends who, intent on helping others, share the number without authorization. These seemingly harmless sources of leaks highlight the need for constant vigilance and proactive protective measures.  
  
One of the experts' top recommendations for protecting your cell phone number is to enable two-factor authentication on all possible accounts. This includes email, corporate platforms, and everyday apps like WhatsApp, which allows you to set an additional security PIN, preferably using apps like Google Authenticator or Microsoft Authenticator, as they don't rely on the mobile network. However, two-factor authentication via text messages also provides security. 

Universidad de Antioquia offers several options for secondary locks, including apps like Microsoft Authenticator and even authentication via SMS or calls.  

"Authentication via SMS or phone calls remains a robust mechanism against most attacks, which are actually aimed at stealing passwords. The real risk arises when cell phone numbers are public, as cybercriminals can exploit them for fraud or phishing attempts. They impersonate institutions and request information such as passwords or verification codes pretending to be legitimate, when in reality it's a scam," clarified Jaime Ignacio Montoya Giraldo, Director of Institutional Planning and Development at Universidad de Antioquia.  

Other basic protection habits that can be implemented include avoiding posting numbers on social media or unnecessary forms, using a secondary or virtual number for unreliable registrations, frequently checking app permissions, and setting up a PIN with the mobile operator to prevent unauthorized SIM card changes. These simple actions strengthen security and reduce the risk of digital fraud.  

 
Aware of these new digital risks and the importance of safeguarding its community's information, the university is constantly working to update its protection mechanisms. Resolution 52644 of 2025, for example, establishes specific guidelines for managing information security and privacy in UdeA’s Information and Communications Technologies (ICT). These measures aim to anticipate emerging threats and strengthen confidence in the institution's digital services. 

"Digital security depends not only on technology, but also on culture. That's why we're promoting an educational communication project aligned with our Institutional Action Plan. It aims to educate, engage, and mobilize the community around a culture of digital care, with actions ranging from diagnostics and the creation of clear content to courses, workshops, and mobilization activities on campus," explained Montoya Giraldo. 
  
Ultimately, each person is responsible for staying informed and proactive about their digital security. Adopting and consistently updating protection strategies is the way to monitor our digital footprint and contribute to building a safer online environment. 

Five actions to protect your cell phone number 

1. Share it only when necessary.  
Before sharing your cell phone number, consider whether it is really needed, and you trust the institution or person requesting it. 

2. Activate additional security mechanisms. 
Don't rely solely on SMS codes. Use two-factor authentication apps, like Google Authenticator or Authy, which add an extra layer of protection to your accounts. 

3. Set privacy settings on your apps.  
Check who can see your number, locate you by phone, or add you automatically on social media and messaging services. Limiting this visibility reduces the risk of phishing. 

4. Review data processing policies.  
Before registering your number, consider how an institution or application will use, store, and protect that information. If you decide to share it, do so with full awareness of how exposed it may be. 

5. Report any signs of fraud immediately.  

If you receive unusual calls, messages, or notifications linked to your number, warn your mobile provider and the affected digital service (bank, social network, virtual wallet, etc.) as soon as possible. Also, change your passwords right away and enhance your account security. Acting quickly can prevent further damage.