Amid ongoing and seemingly increasing incidences of fraud, it has been alarming to learn of a new wave of data theft of late. And it isn’t digital.
I should be relieved but I’m not.
What’s more, we’re not just dealing with physical theft but physical theft of mobile phones, the object of which is not the device – no longer the actual handset – but the data therein.
And the way they’re going about it? Physically. Welcome to the new world of the physical data breach.
That’s right, folks. The goal now is immediate access IRL (In Real Life) to personal details, sensitive financial information, you name it, and this means they want it unlocked.
If it weren’t such a clear and present threat it would be refreshing – such a lo-fi tonic in the digital blur of online data security, privacy and anti-fraud solutions. But this takes the biscuit.
At least in the digital realm you still have the option of turning everything off, shutting it down.
Claer Barrett of the FT wrote about a harrowing experience when her phone was snatched out of her hands in a matter of seconds waiting for a bus, prompting us to look into it. And then just days later a friend told of her boyfriend’s similar experience.
Old-school tactics – evolution in reverse
There is a rise in phone theft at the moment and the new swathe of fraudsters are after unlocked devices.
They’ll go to creative and patient lengths to achieve this, observing people surreptitiously to know when to strike, sometimes “shoulder surfing” to obtain passcodes, or coming up with an elaborate decoy.
In the case of my friend’s boyfriend, it was late at night, he was ordering an Uber for his friend, a group of guys approached them to start a conversation about designer clothes, wanting him to load up a site on his phone.
Despite not engaging with them, his phone was suddenly snatched and they pelted off down the street. Being moments away from his flat proved inconsequential – they had disabled the location service and were having a good old look around.
Hours later, the criminals started to contact my friend and the boyfriend’s parents trying to extort money.
Photos can be used similarly as blackmail collateral and a whole phishing line, excuse the pun, can be extended trying to trick the victim into sharing their passcode to “retrieve” access to their account, as happened in Claer Barrett’s case.
The sheer unlocked value
A study in April 2024 was published by UK fintech startup, Nuke From Orbit, examining the trend in smartphone thefts, highlighting that “in 62% of cases in the UK, the repercussions extend far beyond the initial loss of the device” to digital wallet theft, mobile banking compromise, with social and email account access helping the perpetrator double down and extend the violation to all of the above and more.
The report also suggests that biometrics have led to a certain complacency taking hold.
Once a device is snatched while in use, and unlocked, the passcode can be changed in a matter of seconds if it has been observed and noted, whereby the account holder is locked out.
Moreover, if the PIN is the same to access various apps and services, which the report found it was for 45% of users, and wherein it defines the complacency, then it’s easy street for the attacker.
Equally, a PIN or passcode can bypass biometrics to access bank cards stored in a digital phone wallet. Apparently 58% of respondents knew this.
Stats everywhere show an increase in mobile theft and robbery (theft by force).
The London Met Police issued figures in late 2023 stating 70% of all London thefts related to mobile phones and that in 2022 almost 250 phones a day were stolen. Numbers are similar elsewhere.
Phone companies are and will continue to respond to this, enhancing security features, which everybody is urged to stay abreast of.
I must say, it does make an additional case for wearables, being slightly harder to remove from one’s person.
The post Welcome to the new world of the physical data theft appeared first on Payments Cards & Mobile.
