Mobile fraud: Thieves 'shoulder surfing' victims to steal phones
- Published
Criminals are getting smarter at targeting victims to gain access to banking apps on mobile phones, a senior UK fraud officer has said.
Detective Superintendent John Roch says the technology behind the apps is secure but criminals are getting better at exploiting human behaviour.
Thieves typically "shoulder surf" victims to catch them entering their PIN before stealing the phone.
The financial impact of the crime can be enormous.
"It's only a phone... but if you take that out without the right precautions and protections around it you are essentially walking around with a bag of cash," says Detective Superintendent Roch, who is head of economic crime at the Metropolitan Police in London.
"If you start to think of it like that, would you walk into a bar, put it down and turn your back on it? Probably not."
Detective Superintendent Roch says it is impossible to know how many victims there are, but while he believes the scale of the crime might be small the impact of it could be huge.
"It's not on a massive scale, it's a crime that exists and we do see it... [but] the potential outcome is devastating for victims," he says.
"Because should a criminal be successful in getting into the phone and then getting into the bank apps they have access to have your whole savings, your whole life, whatever it is that you have stored on that financial app".
Jake Moore works for cyber security company ESET and used to head up Dorset Police's digital forensics unit. He says criminals will often "shoulder surf" a victim to learn their PIN before they steal the phone, either through mugging, pickpocketing or drink spiking.
They then use the PIN to unlock the phone and try the same PIN to access banking apps. They will also search the phone's notes section for banking passwords or PINs.
How to protect yourself from mobile phone fraud
Use biometric data (face or finger print) ID if possible
Remove banking apps from your phone and keep them on devices that stay at home
Use different pin numbers for unlocking your phone and banking apps
Don't store passwords or PINs on your phone
Always be aware of your surroundings when accessing financial apps
Jacopo de Simone had more than £22,000 of his life savings stolen when he was pickpocketed and his phone stolen on a night out last year.
When he realised his phone was gone he was annoyed and frustrated but thought nothing more of it until the next morning when he logged on to his online banking and discovered all his money had been stolen.
"I was stopped in my tracks a little bit, I froze and tried to regain my thoughts and thought 'OK, what's the best approach here?'.
"I was completely frightened and alarming to see all your hard earned money taken away from you.
"I was in complete shock about how it could have happened."
After a 10-month fight with his bank to prove his innocence, Jacopo was eventually refunded all the money that was stolen.
But the initial crime and the subsequent experience has given Jacopo a different perspective about how he uses his mobile phone.
"This has completely changed how I use my banking apps today," he says.
"I try not to [keep] the apps on the phone themselves.
"I find the threat of losing your phone and losing all your money is not worth having it all so easily accessible to you."
You can listen back to Money Box here or watch Rip Off Britain here.
Follow Money Box, external or Dan, external on Twitter or contact the Rip Off Britain team via Facebook, external.
Related topics
- Published27 January 2023
- Published4 December 2021