The South African Banking Risk Information Centre (SABRIC) recently issued a warning informing bank clients to take precautionary measures to ensure that their mobile devices are well-protected. The warning is as a result of there being a significant increase in phone snatching.
The theft of phones is not a new occurrence as it has been occurring for a long time. However, there has been an increase in this criminal activity in the past year, which means that people need to become more vigilant so that they do not become victims of the crime. Phone snatching involves criminals snatching mobile devices from their owners. In most instances, these mobile devices offer criminals the opportunity to gain access to the owner’s confidential and personal information, which they will use to commit crimes.
The most common crime occurring due to phone snatching is Bank App fraud, as this was reflected in the annual report on crime for the year 2020. In the incidents where there was Bank App fraud, none of the reports indicated that the banking app software had been compromised to commit the fraud.
Several techniques and methods can be used for phone snatching. However, for criminals to gain access to your apps, they need to have the correct credentials. The criminals would need to have previously accessed your credentials through social engineering methods, including phishing or shoulder surfing. However, in most instances, the credentials are usually compromised through vulnerabilities that might exist in how the information is handled. Common ways that make you vulnerable include using the same password and username for multiple apps and saving your credentials on your mobile device.
There are methods that criminals can use to gain your personal information, and the first is vishing, where the criminals call you and make you believe that they are from the bank. Their sole intention is to coerce you into revealing confidential information, such as your passwords and PINs. They could also use phishing where they send you an e-mail where they pretend to be a service provider or are from the bank. The criminals will request you to click on a link to ask for your passwords or PINs.
Once criminals gain access to your mobile device, there are many ways that they could access the information stored on your mobile device. If your device is unlocked when it is stolen, they can quickly access all the applications on your phone and view any sensitive data stored. You might feel safer if your phone is stolen while it is locked, as you might have placed some security measures. However, criminals could also use social engineering to gain any usernames and passwords that you may have stored in the cloud.
Most criminals who commit this crime are willing to risk their lives to snatch a smartphone and get away with it. When looking for targets, criminals usually go for people who seem distracted and might not be paying attention to their surroundings. They will usually go for phones hooked up to vehicles, those that can be seen peeping from back pockets, phones placed next to the owner on restaurant tables, and those used against the ear. When they spot someone who is distracted, they will strike quickly, snatching the phone from the victim and make a quick getaway into a car that is waiting for them.
Phone snatching is not dangerous because of the possibility that you will lose your mobile device. However, the greatest danger is the personal and valuable data that is stored on that device. Once the criminals snatch away your mobile device, they will have access to your delivery services, banking apps, and personal information, including your bank statements, copies of your ID, and proof of residence. They will also have unrestricted access to your SIM card and e-mail. As they have your credentials and personal information, they could use this as a way to defraud you.
Tips to mitigate and manage risk
It might be scary to think that you might become a victim of phone snatching. However, there are many methods that you can use to manage the risk. To do so, you should follow the tips offered below.
- The key to mitigating risk is by avoiding becoming a victim of phone snatching. When in public spaces, you should hide your mobile device in your jacket or bag. It might be tempting to answer calls or reply to WhatsApp messages, but this leaves you vulnerable as this makes you an easy target. Instead, you should respond to these messages when you are in a safe place or at home. When in public spaces, ensure that you do not leave your phone unattended or in clear views, such as tables.
- Ensure that you regularly reset and change your passwords and PINs. When choosing passwords for your mobile device, they must be different and complex for each app. You should also avoid saving your app usernames and passwords on your device, whether in the contacts or notes.
- If your mobile device is snatched, immediately report it to the bank. The quicker you contact the bank, the faster they can secure your bank account and deactivate your banking app. If criminals gain access to your account before you contact the bank, you should still report it as you will need to confirm with them the next steps they should take.
- Ensure that you contact your mobile service provider so that they can block your sim card and freeze your cell phone account. Blocking your sim card will ensure that you avoid any potentially pricy added costs that the criminals will incur from your mobile device.
- Suppose your mobile device contains any personal documents that contain your proof of residence or identity details. In that case, you must contact the South African Fraud Prevention Services (SAFPS) as any fraudulent activity on your account could get you blacklisted.
- You should compile a list of your mobile device’s applications, e-mails and social media accounts and ensure that you change all the passwords. This ensures that you limit any fraudulent activity that might occur from your phone.
- You should notify your friends and family when your mobile device has been compromised as they might be contacted by the criminals pretending to be you.