learn to track

Safeguarding Your Smartphone: Lessons Learned from a Theft Victim

TLDR: Phone theft is rising rapidly in London, with criminals targeting unlocked phones for financial data. Victims share lessons learned and tips for preventing phone theft and securing personal information.

It took mere seconds for a masked man on an e-bike to snatch my smartphone as I waited for a bus in central London during the morning rush hour. He silently cruised up on the pavement behind me, swiping my phone in one efficient, well-practised maneuver while I was in the middle of sending a message. I was stunned, not hurt—he barely touched me—but my initial reaction was fear. Had my phone screen remained unlocked?

As he zoomed off, I realized chasing after him was futile. Instead, I raced home to kill the phone and secure my data remotely before he could change my passwords and steal from me a second time.

The Rising Tide of Phone Theft

Phone theft is rising rapidly. More lucrative than the value of the handset, organized criminal gangs know that our smartphones have become the gateway to a vast amount of our personal financial information. They go to incredible lengths to steal unlocked phones, deploying tactics like “shoulder surfing” and even covertly filming targets to obtain passcodes before phones are stolen, knowing this can unlock passwords for apps and other services.

Disabling a phone’s location signal and locking us out buys them more time to plunder our digital wallets, and financial apps, and steal digital assets like crypto, plus our personal details and photos. Chillingly, these could be used to defraud us in the future or target our friends and family members.

I lost a phone and several days of my life dealing with the financial fallout. I was lucky not to lose more. However, I gained valuable knowledge about what’s fueling this crime wave and how we can better protect ourselves.

The Epicenter: London

London is the epicentre for phone theft. Based on Metropolitan Police data from those who have reported, a phone is stolen every 10 minutes in the city. There was a 33% increase in reported mobile phone theft from a person in the year to January 2024, and over one-third of offences took place in Westminster.

The statistics don’t tell us how phones are stolen, but from my anecdotal conversations with victims, bike swiping is rife since it’s easy to hire an e-bike or scooter for a fast getaway. As a woman, I could have made an easier target.

“Criminals want to make sure when they grab a phone, it’s unlocked; otherwise, they’re going to end up with just a phone,” says Tony Sales, a reformed fraudster who founded the crime prevention consultancy We Fight Fraud.

A locked handset could have a street value of a few hundred pounds if it’s a recent model, he says. But if unlocked, it could generate multiple thousands of pounds if criminals can get into the settings, change passwords, and compromise other security features: “You’re locked out, and then they start to monetize your data.”

Predatory Behavior

Look up and down any London street, and huge numbers of people walk around with their phones unlocked in their hands, openly on display. They might have their headphones in and not be aware of their surroundings—but the criminals are paying close attention. “It’s predatory behaviour,” says Sales. “They are like lions stalking prey, and unfortunately, women make easier targets than men. It’s very unlikely a woman will try to punch you, and a man has more strength to grab someone.” The cleaner the snatch, the less likely it is that a screen lock will be activated.

Women are only marginally more likely to be victims of phone theft according to ONS crime survey and police data. However, the data does not drill down into the different methods criminals use, and many crimes of this nature go unreported.

A Lucrative Revenue Stream

Sales think large increases in phone theft in the past year have occurred as more gangs realize it’s a “lucrative revenue stream.” As he says, it requires less effort and violence than drug dealing, with a lower likelihood of getting caught and lower penalties if you do. The amount of money gangs can make is potentially much higher—especially if they can use your phone to crack your digital life open.

The Dublin Pickpocket

Tech executive James O’Sullivan was drinking with friends in a bar in Dublin last autumn when he realized his phone had been pickpocketed. Assuming face recognition would prevent criminals from accessing his device, he thought his biggest problem was not being able to get an Uber home. A day later, he realized he’d lost tens of thousands of pounds.

How? “I think a spotter observed me using my phone PIN during the night,” he says, adding how easy it is for criminals to “shoulder surf” in crowded places, covertly film victims, or even hack into CCTV—then steal their phones to order.

Multiple bank and credit cards were stored in his smartphone’s digital wallet, and criminals wasted no time purchasing high-value electrical items, spending slightly less than £10,000 on each credit card to avoid triggering daily spending limits.

Marking a phone as “lost” by logging into your account online via another device will disable its digital wallet, but O’Sullivan was unable to do this as criminals had reset his password. “Crypto and banking apps on your phone are very well protected from someone who hasn’t got your phone, but all of the two-factor security codes, notifications, and emails to reset passwords are delivered onto the same device,” he says.

His banks refunded the stolen money very rapidly, but this consumer protection does not extend to stolen crypto, which is much easier for criminals to transfer to a wallet they control.

Cracking Crypto and Banking Apps

Sales agrees that crypto apps will be one of the first things a criminal will try to crack, knowing that many users simply store their holdings on an exchange. So-called “cold wallets”—holding assets while unconnected to the internet—are much more secure. Coinbase offers a free “vault” function for users to store digital currency offline with a 48-hour delay before withdrawals are processed.

Transferring money from bank accounts requires a network of money mules to disperse transactions rapidly across multiple accounts. But if criminals have this capability, they will also use people’s overdrafts and even apply for personal loans within banking apps, knowing that money can be deposited in the compromised account within minutes.

O’Sullivan has channelled his experiences into launching a new phone security app, Nuke from Orbit. Currently, in beta testing, it will act like a digital panic button, allowing users to disable remotely their SIM and an array of online accounts in one go.

Innovative Security Features

Tech giants Apple, Google, and Samsung are all coming up with more innovative security features to protect users (see sidebar), but these are only effective if you know about them and switch them on.

Losses from mobile banking fraud increased by 17% to £18.7 million in the first six months of 2023, the highest recorded total, according to banking trade body UK Finance. The number of cases also hit a new record, increasing by 32%, with average losses per customer of £2,314.

Dianne Doodnath, principal in economic crime at UK Finance, stresses that 98% of unauthorized fraud is refunded within 24 hours of customers reporting it to their bank. “Millions of people use online banking to transfer money and take out loans legitimately, and we have to strike a balance,” she says. “If criminals find more ingenious ways, banks will start putting more restrictions on.”

While consumers want easy access, she says that recently, “some member research is coming back saying people would rather have more friction as it makes them feel safer.” Increasing your own “cyber hygiene” is one way of doing this.

Research by Nuke from Orbit found that nearly half of people use the same PIN to gain access to their phone and multiple apps, services, and bank cards, making it even easier for criminals. Storing multiple bank cards and your driving license in your phone case is a further gift to them.

The Aftermath: Phishing Attempts

A few days after my phone was swiped, I purchased a new handset and was back up and running on the same mobile number. But my ordeal was not over. Next, the phishing attempts began.

I received a text purporting to be from Apple’s “Find My” service, saying my lost iPhone had been located, with a clickable link. The FT’s cyber security team found this led to a very convincingly designed fake Apple page, asking for my phone’s passcode.

The next day, I received a similar message with a more menacing tone—”Your iCloud photos are being shared with another user”—urging me to click on the same dodgy link. I have since had phone calls—some automated, some from actual people—claiming to be from organizations I have accounts with, saying they need to “reset my security details.” I am sure this is not a coincidence and have not fallen for the scams. But every time it happens, my heart skips a beat.

Once a criminal gains access to your phone data, there are many other ways they could monetize it. Fraudsters could contact friends or family via social media or messaging apps asking for cash. If I had nudes on my phone (heaven forbid!), these could have been used to extort money from me. Sales says that even innocuous photos could be useful for scammers to use in subsequent romance fraud attempts.

The level of access can be startling. Challenge your partner or a family member to see how far they can get into your phone without your face but with your passcode. For many apps, if Face ID fails, it defaults to the passcode or a two-factor authentication to reset the password via SMS or email—which, of course, are delivered to the phone.

The Intelligence Gap

As for the phone itself, once the SIM is locked and the phone logged as stolen, it can’t be used on any UK networks and will flash up as stolen if anyone tries to pawn it or sell it to a reputable secondhand shop. However, that doesn’t render it worthless.

Because UK handsets operate on the GSM standard, barred handsets can be shipped overseas and used on foreign networks with a new SIM card.

Hamish MacLeod, chief executive of Mobile UK, which represents the main UK networks, says there is quite an “intelligence gap” about what happens to stolen handsets. “The suspicion is that there are organized crime gangs behind this who are aggregating the stolen phones and re-exporting them around the world in shipping containers,” he says.

Within the UK, stolen handsets can be broken down for spare parts (screens and camera lenses are very valuable). The police are having to fight this crime wave on multiple fronts.

Met Commander Owain Richards says he understands the impact phone theft can have on victims. “It’s an invasive and sometimes violent crime, and we’re committed to protecting Londoners and tackling this issue as we make the capital safer,” he says.

Theft hotspots in areas such as Westminster are being targeted with increased patrols and plainclothes officers to deter criminals, and the police are using technology to build intelligence and track stolen phones to single out offenders. “We are also working with phone firms to design out the ability for phones to be reused and sold on as we seek to dismantle the criminal market that fuels robbery.”

Prevention Is Key

The best form of protection is prevention. However, not having your phone on display in public is easier said than done. Transport networks are a hunting ground for thieves. The first thing people tend to do when coming out of a Tube or rail station is check their messages or use apps to look for directions.

I now use my smartwatch to tap and pay on public transport and receive notifications from mapping and taxi apps, meaning my phone can stay zipped up in my bag. I have also reduced the number of cards stored in my digital wallet and offloaded the bulk of financial apps from my phone to a tablet that never leaves the house.

The only real financial harm I suffered was the cost of a replacement handset. In the past year, the UK was the number one country worldwide searching for gadget insurance, according to Google Trends. Searches for “device protection” and “anti-theft bags” also hit an all-time high this April.

You might be able to get a new phone on insurance, restore your data from the cloud, and have stolen money refunded. But until this happens to you—and I hope it never does—you simply don’t realize how much of your life is on your phone, nor how much hassle and stress its loss can cause.

The statistics do not reflect the true cost or seriousness of this crime, nor the level of financial fraud that phone theft is enabling—or the scale of the international black market for stolen devices. We need these dots to be connected so more crime-fighting resources and tech, telecoms, and financial industry efforts can be focused on tackling this problem—not to mention raising consumer awareness of the risks.

I am holding onto my phone much more tightly these days. Having read this article, I hope you will be too.

How Safe Is Your Handset?

My phone had an array of additional security features, but sadly, I only found out about some of them after it was stolen. Speed is of the essence if this happens to you. Help pages for Apple, Google, and Samsung are packed with information about what to do in the aftermath of a theft—it’s well worth doing a safety drill to familiarize yourself.

The widening array of security features being added to phone operating systems shows the big tech firms recognize phone theft is a growing problem—and not just in the UK.

Apple’s latest iOS update rolled out Stolen Device Protection, which helps prevent thieves who know your passcode from making critical changes, such as changing your Apple ID password. If your iPhone is away from a familiar location such as your home or workplace, a delay of one hour will apply before changes can be made. Plus, biometric authentication will be needed to access stored passwords and credit cards with no passcode fallback. However, you need to activate this and have location services switched on for it to work.

Most Android phones come with a built-in feature that allows you to lock individual apps with a PIN. This will create more friction for criminals—but could also make your phone less convenient to use.

Locking criminals out by setting up a separate, physical security key such as YubiKey to provide two-factor authentication codes (which are not sent to your phone) adds an extra layer of protection but, as with other measures, some additional hassle. Still, this is nothing compared with the stress of having your phone and data stolen.


Add comment

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.