Certainly, some people, such as celebrities and politicians, should be more concerned than others about revealing their private number online. However, anyone could potentially have a cyberstalker or hacker target them. Once a hacker has a phone number and your name, they can quickly use other open-source intelligence (OSINT) tools that we’ve covered on Null Byte to grab further public data like occupation, employer, spouse, relationship, and any other public info.
A hacker could use the information to further social engineering attacks by calling you directly. Think of the classic “Microsoft tech support” scam, only the caller trying to trick you knows your name and intimate details of your personal life. Armed with these, it’s easy to make the target think the caller is legitimate.
How would a hacker actually go about finding your number? In theory, if they had a lot of time, they could just search all 9,999,999,999 potential numbers until they stumbled upon yours. Clearly, this isn’t very efficient, so let’s see the right way of doing it. For a practice subject, I’ll be using DC Mayor Muriel Bowser (2017) as a random city official.
Step 1: Use the Area Code
If you think of a target’s phone number as one of all the possible 10-digit US phone numbers, you can quickly see that 10 billion North American phone numbers is far too large a list to effectively search through. Luckily for the hacker, he can cut this down thanks to the North American Numbering Plan (NANP), which lays out the guidelines for phone numbers in the US.
Let’s take an example, 234-235-5678. Looking at the NANP, we can see that the first three numbers are the area code, 234, and the plan allows for 2–9 as the first digit, and 0–9 for the second and third digits. That information right there eliminates one billion possible numbers from the hacker’s list.
The hacker can also quickly take advantage of this if they know or can take an educated guess at where you live, as it’s as easy as a Google search. By doing this, the hacker can remove a further 9 billion 990 million numbers from the list of potential guesses.
The next three numbers after the area code in our example are the central office prefix, 235. Again, the plan calls for 2–9 for the first digit, and 0–9 for both the second and third digits, but with a caveat.
In area codes where the second digit is 1, the third can’t also be 1. This yet again removes a large number of phone numbers from the hacker’s list. The last four digits of the phone number are the line number, in this case, 5678.
I took the educated guess that the Mayor of DC would have a DC area code, and a hacker could also look up the target’s Facebook account and likely find a hometown or the city the target currently lives in or works from. Some larger cities like Los Angeles have multiple area codes within them, but no matter how many “split” area codes there are, it still greatly reduces the hacker’s list of possible numbers.
Step 2: Get the Last Numbers
Now that I know my target’s number is 202-???-????, I want to try to remove as many of those question marks as possible, making it easier to do a Facebook search later on. Thankfully, Facebook has our back and has made this probably the second easiest step, after using the area code. In order to get the last two numbers, we just have to go a few steps into the password reset process.
To do this, the hacker goes to the main Facebook page and clicks “Forgot account” to start the process.
Next, they enter the target’s name they have in mind and click the “Search” button.
The hacker is then presented with a list that includes a face picture paired with each matching account, which helps them quickly identify their target. There’s our target right at the top!
Facebook then kindly provides the hacker the last two digits of the target’s number, along with some information about the email accounts associated with their Facebook account, such as the first and last letter, and sometimes the email domain.
That’s as far as the hacker has to go. They don’t actually reset the password, and they shouldn’t, to ensure the target never receives any kind of notification to tip them off.
With over 218 million users, PayPal and other services can help add to the information the attacker has collected so far. In this case, if the target is a PayPal user, the hacker can get two additional digits of the phone number we’re looking for.
In the picture above, you may have noticed that the first email listed is a Gmail account that starts with “M” and ends with “R.”
That’s funny, since my target’s first name starts with an “M,” and her last name ends with an “R.” To a hacker, this screams “I used my name as my e-mail!” Suspecting this was the case, I checked it on Gmail by typing it in.
Google accepted it, but that doesn’t necessarily mean that it’s the target’s email. The hacker can check by doing the same password reset trick they pulled with Facebook.
Yep, this account just so happens to have a number that ends in 28. Coincidence? I think not. Now that I have an e-mail to work with, I can jump over to PayPal in a new tab and again use the same password reset trick.
This time, when I get to the password reset screen, I get not only all four digits of the line number, but also the first number of the area code too!
This allows me to be reasonably sure that I’m on the right track with the area code, and verifies my previous work on finding the last few numbers. This means I have the number 202-???-6228 so far. In other words, my list has gone from 10 billion choices to about a thousand in just a few minutes of work.
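For anyone deciding which digits a reset screen should display, the useful number is how many candidates remain once the hints from several services are overlaid. The following is an added example, not code from the original article: the masks, digits and function names are constructed, and the numbering rule is the simplified one described in Step 1.

```python
# Added example (not from the article): counts, never lists, the numbers that
# stay consistent with masked hints. All masks and digits are constructed.
import re

MASK_RE = re.compile(r"[\d*]{3}-[\d*]{3}-[\d*]{4}")

# Constructed hints: a guessed area code plus two services' masked displays.
SAMPLE_HINTS = ["555-***-****", "***-***-**42", "5**-***-1042"]


def merge_masks(masks):
    """Overlay masked hints ('*' = hidden digit); reject contradictory ones."""
    merged = list("***-***-****")
    for mask in masks:
        if not MASK_RE.fullmatch(mask):
            raise ValueError(f"bad mask: {mask!r}")
        for i, ch in enumerate(mask):
            if ch.isdigit():
                if merged[i] not in ("*", ch):
                    raise ValueError(f"hints disagree at position {i}")
                merged[i] = ch
    return "".join(merged)


def nxx_count(pattern):
    """Count 3-digit codes matching pattern under the simplified rule from
    Step 1 (assumption): first digit 2-9, and the code may not end in 11."""
    count = 0
    for n in range(200, 1000):
        code = str(n)
        if code.endswith("11"):
            continue
        if all(p in ("*", c) for c, p in zip(code, pattern)):
            count += 1
    return count


def remaining_candidates(masks):
    """Size of the search space left after combining every hint."""
    area, prefix, line = merge_masks(masks).split("-")
    return nxx_count(area) * nxx_count(prefix) * 10 ** line.count("*")


if __name__ == "__main__":
    for k in range(len(SAMPLE_HINTS) + 1):
        print(k, "hints ->", remaining_candidates(SAMPLE_HINTS[:k]))
```

Each mask looks harmless on its own; the count only collapses when services reveal different positions, which is the argument for every service masking the same digits.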
At this point, a hacker could just start throwing numbers into the Facebook search bar, but that still wouldn’t be that efficient. So what does a lazy hacker do? They take advantage of a Facebook feature that allows you to conduct a bracket search.
Facebook allows you to upload lists of contacts in CSV format, and then tells you if they are on Facebook so you can add them as friends. By constructing my own contact list of potential numbers, I can quickly rule out large chunks of wrong numbers.
In this case, I know the number has to be within the range from 202-000-6228 to 202-999-6228. By cutting that in half and creating a list of numbers from 202-000-6228 to 202-500-6228, I can effectively rule out half of my list, as the target will only be in one of the two half lists created. Then, I can upload the list and instantly determine if they are on it or not.
To create this list, I went to Google Contacts and clicked “Export” to get a sample CSV file to work from.
Facebook prefers to accept the list in Google CSV format, so I saved it as such from Google Contacts.
From there, a hacker can open the file in Google Sheets or Excel and change the column formula for the phone numbers to one that will iterate over the numbers they need to check, as seen in the following example.
In the Excel formula below, I start by taking the lowest value phone number, in this case 2020006228, then I add 10,000 to it in order to raise the 5th place digit by 1. This formula will repeat as many times as needed, but we shouldn’t do it more than 1,000 times, because there are only a thousand numbers in our list to guess. If the target hadn’t had a PayPal account to help us derive the 3rd and 4th place digit, then we would be adding 100 to raise the 3rd digit instead.
From there, it is simple to sign into a Facebook account and go to the Friend Finder feature. Click on the Gmail logo and then “Find Friends.”
Next, scroll to the bottom of the page and upload your CSV file containing the phone numbers you wish to try.
After it’s uploaded, Facebook presents the hacker a list of “Friends” to add from the list. They would then search for their target inside that list. My target doesn’t seem to be here, so I know they aren’t in this half of our batch of numbers.
Next, instead of testing the next 500, I split the next 500 in half and check one of those halves. This is because I already know the target is on the second list, since they weren’t on the first half. The hacker can continue searching in this way until the target appears on a phone number list.
From there on out, the hacker would test smaller and smaller batches of numbers until they have only a handful to test. I stopped when I had it down to about 30 numbers. Obviously, this will take longer if the hacker has less information about the other digits of the phone number to begin with, as they will have a larger number set to search. Facebook will rate limit the hacker at 5 attempts per day, but they can get around this by signing into another account.
Step 5: Test the Last Few Numbers
Once the hacker has it down to a handful of numbers, they can go to the Facebook search bar and type them in one by one. To do so, just type the number into the search bar with no hyphens. If the requests are going too fast, or if they search for too many, Facebook starts to rate limit them with a captcha.
However, that’s not much of a defense when the hacker only has 30 numbers to check.
In total, it took me around 30 minutes to an hour to find the target’s number, and these same steps could be used on anyone who has their phone connected to Facebook.
The simplest way to protect yourself is to never connect your phone to Facebook. If you still want to use two-factor authentication, Facebook allows you to use a USB U2F device without having to rely on your phone. If you absolutely must have your phone connected, navigate to Facebook Settings, and then click on “Privacy” and then “Who can look me up?”
Set this option to “Friends.” Unfortunately, Facebook doesn’t let you set this to “Only me.” While this still will not provide absolute protection, it will make the hacker’s life much more difficult.
Thanks for reading! If you have any questions, you can leave a comment here, or message me on Twitter @The_Hoid.