Smartphones now provide a gateway to a vast amount of financial information. However, the convenience of digital finance means that it is inherently vulnerable.
If you lose your smartphone, the financial risks can be significant as there is a substantial amount of personal and money-related data on your device.
“We all keep our lives on our devices nowadays. This includes access to our financial accounts. Once a criminal gains access, because most one-time passwords are sent to a device, so when it is either stolen or compromised, the criminal can move money or crypto quickly,” says Tony Sales, a reformed scammer who has now founded the consultancy We Fight Fraud.
“The first thing criminals do once they have a phone, they access all the apps and plunder the bank or crypto accounts. Most of us keep images and important data on our devices, like passport copies or driving licences, these are used by criminals to steal identity. They also gain access to emails and contacts.”
While some criminals take the phones, others watch your actions, says Mr Sales, who became a criminal at the age of seven and was captured and sentenced to a year in prison in 2010.
If in public, you should always be careful when putting in a PIN as if you were at an ATM, he warns. Be aware of who is around you as sometimes scammers will observe and memorise your password.
“My past life gives me an insight most people don’t have,” says Mr Sales, who claims to have advised governments, law enforcement and some of the world’s biggest brands on cyber security.
“We should all be using cyber security on any device we use. Awareness can be the greatest defence against crime and criminals that target us.”
A treasure trove of data
The latest figures from the UK Office of National Statistics show that, over the past decade, mobile phones have overtaken cash and payment cards as the items most often stolen from people in Britain.
Reported mobile phone thefts in the UK grew by a third in the year to January 2024 and losses from mobile banking fraud increased by 17 per cent to £19 million ($24 million) in the first half of last year, the highest recorded total, with average losses per customer of £2,314.
A mobile phone is reported stolen in London every six minutes, according to official data.
About a quarter (26 per cent) of mobile theft victims also experienced fraudulent transactions, according to a survey by money insights provider Intuit Credit Karma.
“A stranger could gain access to your banking apps to transfer money and make unauthorised transactions, draining your accounts and adding expenses to your credit card,” says Carol Glynn, founder of Conscious Finance Coaching.
She warned that personal information could be used to steal a person’s identity and open fraudulent accounts, while emails, text messages and notes stored on the phone may contain sensitive information.
“If your phone is linked to other devices or accounts, such as your computer or smart home devices, a stranger could gain access to these as well,” she says.
They can also access Google or Apple Pay accounts to make unauthorised purchases. If your phone stores payment details for apps or online shopping accounts, criminals can make purchases using your saved methods, Ms Glynn says.
Identity theft, phishing
By obtaining personal information, from addresses and dates of birth to banking information and even health and medical information, it becomes easier for scammers to not only steal identities but also sell personal and financial data online, according to Chris Keeling, chartered financial planner at The Fry Group.
Scammers can apply for loans and credit cards using a person’s information – they can take the funds but leave the liability to repay with the account holder, he warns.
“The thief can use your information to craft convincing phishing scams aimed at your contacts, pretending to be you, attempting to gather more information or money from them,” Jay Adrian Tolentino, a financial coach, says.
“This is why enabling Face ID or passcode on all your messaging apps is crucial.”
The first hour after a phone has been stolen is the most crucial as this is when the most information is stolen, according to Alison Soltani, founder of Leap Savvy Savers.
Scammers will often make a backup of the phone as quickly as possible and then destroy it. They might also scam your contacts and install malware on the phone.
It is crucial to block any bank accounts and cards that have apps on your phone as soon as you realise the phone is gone, and if you can, wipe the phone remotely.
Change all passwords on email immediately, she recommends.
Financial and identity details commonly stored on smartphones include login credentials for banking and investment apps, credit card details, digital wallet information, personal identification such as photos of IDs, passports, personal identification numbers and saved passwords for various online accounts.
Steps to keep your phone safe
The most important step to protect your details is to create a solid password, says Maher Yamout, lead security researcher, global research and analysis team at Kaspersky.
“If your password can be brute-forced or discovered by scammers testing out all possible combinations until access is granted, then it is far too weak.
“Where possible, passkeys should be activated, usually through biometric recognition or PIN.”
Do not use the same PIN you use for other accounts and avoid using the autofill function for passwords.
Mr Tolentino recommends using password managers instead of storing codes in notes or browsers. He suggests 1Password or Bitwarden.
Enabling biometric authentication, such as fingerprint or facial recognition, is good for security, Ms Glynn says.
Also set up two-factor authentication for all banking apps and any apps that contain sensitive personal information.
You can also set up notifications to alert you if your accounts are logged in from an unknown device or location, she suggests.
“Make sure to update your smartphone’s operating system and app software regularly. Updates often include security patches that protect against the latest threats,” Ms Glynn says.
“Do not click on suspicious links or download apps from unverified sources. If you are uncertain, check and confirm with the sender as scammers often use these methods to install malware on your device.”
She also warns people not to use public Wi-Fi for financial transactions and if doing so, to use a virtual private network to encrypt data.
A stranger could gain access to your banking apps to transfer money and make unauthorised transactions, draining your accounts and adding expenses to your credit card
Carol Glynn, founder, Conscious Finance Coaching
Ensure “find my device” is also enabled should you lose or misplace your phone, according to Mr Keeling.
A simple trick to protect your data is to ensure you have signed out of any apps that contain sensitive information once you have finished using them, he says.
“Encrypt any sensitive documents or data stored on your phone. Regularly back up your data to a secure cloud service,” Mr Tolentino says.
“Enable theft protection features. iOS has a Stolen Device Protection feature, which will require extra security measures for certain features and actions when your iPhone is away from home or work. Android has automatic protection the moment your phone is stolen.”
Make a plan for what you would do if your phone is compromised, such as remotely wiping the phone, logging out of all apps remotely, blocking all credit cards and filing a police report, Ms Soltani says.
Updated: July 04, 2024, 12:02 PM