I report frequently on the importance of having strong passwords for critical accounts. What’s even more important? Protecting your phone’s passcode.
A new report from the Wall Street Journal notes a significant increase in the number of stolen phones (iPhones and Android devices). The story includes a report of a woman who had her phone and passcode stolen and in less than 24 hours, lost about $10,000 from her bank account.
The crime requires no hacking and hardly any knowledge about how to gain control of a smartphone. It’s as simple as snooping on someone entering their passcode into a phone and then taking the phone when the owner isn’t looking.
New York City Police say in the Wall Street Journal report that there have been hundreds of these types of crimes in the past couple of years. Here’s how it can happen and what the thieves can do with an unlocked phone:
Police say this most often happens in nightclubs and bars and other places where people congregate to socialize. The victim meets someone and the two begin chatting. At some point, the crook may casually ask to see something on the victim’s phone like a photo or social media account.
When the victim hands them their phone, the crook can quickly hit two buttons on the phone that resets it and requires a password to unlock it again. As the victim enters the password, the bad guy simply peeks at the numbers they enter.
Later, if the victim sets down their phone, the crook can grab it and leave. Armed with the passcode, the bad guy can unlock the phone and use anything that is on it.
In a matter of seconds, the crook can change the passcode and turn off “Find My” on an iPhone which will prevent the owner of the phone from tracking its location from another device.
Think then about what’s on your phone. It most likely has apps tied to banking and credit card accounts. Cash apps such as Paypal and Venmo. The crook can transfer money from the victim’s account to theirs in a matter of seconds.
They can also find out where the victim lives. Opening Apple Maps or Google Maps, the bad guy can see not only the victim’s address but get turn-by-turn directions to it. If the victim has a smart lock on their door or garage, the crook basically has a key using an app.
Since most people now use their smartphones for virtually everything, this crime is easier for bad guys to commit than say, installing malware on a computer or stealing random passwords using email phishing.
The simplest way to protect yourself is by covering your phone whenever you enter your passcode. Do not share it with anyone. I’d recommend never handing your phone to someone you just met.
Of course, many critical apps allow you to set up a secondary security step using Face ID before using Apple Pay or a bank account but that might also be something a crook can circumvent. We’ll look at that next time.