Several sites require me to input far too many personal details in order to register. This now includes phone numbers, which they have zero legitimate uses for - they are never used after the initial validation step - but when their database is leaked we're the ones getting smished.
The current next trend is to require a credit card to create an account, even a free one. What used to be an obvious smell to detect scams is quickly becoming the norm.
Unlike phone numbers, websites are not supposed to store credit card information, but it is not clear what they are allowed to do with any information they receive from a credit card transaction.
This leads me to the question: when I provide credit card details to a website and they make a USD 1.00 or USD 0.00 transaction, what exactly is going on? Just how much information are they getting from me?
I'm okay with providing Visa or Mastercard with my details - I'm sure they already have them all so they only need to double-check them - but I'm not comfortable providing details like my full name, home address, phone number and payment e-mail address to online merchants that are simply providing me with digital services (say, Dropbox, HumbleBundle, Packt or Pluralsight, to name a few who recently had access to my credit card information).
The reason for this question is that I found out that my personal phone number was included in the recent LinkedIn leak, and scam attempts (smishing and fake support calls) have increased drastically in the past few months and they often pretend to be coming from my previous workplace - the one listed as "current" on the LinkedIn leak, even though my LinkedIn page is already updated. I directly attribute these recent calls to this leak.
I never provided LinkedIn with my phone number, not even for 2FA (especially since Twitter's notorious abuse of 2FA information for ads), or installed any LinkedIn app. I did subscribe to the 30-day trial, in which they required me to add my credit card, on which a 1 USD transaction was made and reverted. I can only assume this to be the vector they used to obtain my phone number.