Claer Barrett, writing about the theft of her mobile phone in the Financial Times, summarises our modern age succinctly. Look up and down any London street, she says, and you will see many, many people walking around with their phones unlocked in their hands despite the fact that the latest official figures (from the UK Office of National Statistics) show that over the last decade mobile phones have overtaken cash and payment cards as the items most often stolen from individuals in the United Kingdom. As it happens, my iPhone was stolen in London a few months back. Now, my iPhone is my bank accounts, my payment cards, my loyalty cards, my event tickets and everything else. What scared me most was losing my identity, not losing my money: But I saved both, thanks to some basic precautions.
Stop Thief!
In the UK, mobile phones theft is more than a nuisance. Reported mobile phone thefts grew by a third in the year to January 2024 and losses from mobile banking fraud increased by 17% to £19 million in H1 of 2023, the highest recorded total, with average losses per customer of £2,314. A mobile phone is reported stolen in London every six minutes.
The theft hot spot is Westminster, where almost a third of the thefts occur. In fact, that’s where mine was stolen. To cut a long story short, I got distracted by woman begging in a coffee shop. She was pestering my colleague and we were telling her to go away. She was waving around some papers. When she left, I realised my phone was gone. She had covered the phone with the papers and snatched it. I ran out of the door and saw her going down the street so I ran after her but she got into the back seat of a waiting car that drove off.
There was nothing more I could do than memorise the registration number and go back to the coffee shop. Back at the table I used my colleague’s phone to call the police and report the theft. Interestingly, the manager of the coffee shop asked me for the crime number given to me by the police, because these crimes happen so often that they send the crime number to their head office which then sends the CCTV from inside the store to the police!
While I was talking to the police, I used my laptop to log in to iCloud to locate the phone, mark it stolen and set it to erase. What worried me more than the criminals getting into my money (after all, since I had not authorised the transactions, the bank would have to refund me) was them getting into my identity. Money is fungible and recoverable, reputation is non-fungible and non-recoverable. and I had remembered that my photos included more than one picture of my passport and my driving licence (and, indeed, me holding a copy of my passport up next to my face because of some dumb onboarding procedure) and therefore my whole identity.
(Why? Well, because of a variety of financial services that, lacking any working digital identity infrastructure, require you send valuable personally-identifiable information instead. With the last couple of months I’d sent these pictures to a couple of banks, to Google
Google
Google
The criminals had turned the phone off to prevent tracking, of course, but I got confirmation that my Apple
Apple
Since the phone had been turned off to prevent tracking (it later showed up in Southend in Essex, so at least it wasn’t having fun), I felt reasonably safe. I was pretty sure that criminals wouldn’t be able to unlock the phone but this is where there the criminals are getting smarter though. A senior UK fraud officer, Detective Superintendent John Roch, says that British criminals are getting better at exploiting human behaviour. Thieves typically “shoulder surf” victims to catch them entering their PIN before stealing the phone.
It seems that American criminals adopt similar procedures. The Wall Street Journal, just to choose one illustrative example, reports on the case of a Manhattan woman who was leaving a bar when her iPhone was snatched by a man who had watched her enter her PIN earlier. Within a few minutes she was was locked out from her Apple account and within a day, $10,000 vanished from her bank account. Perhaps the “beggar” or an accomplice had watched me enter the PIN and could access the photos! I was pretty sure I hadn’t entered the PIN in the coffee shop, but I couldn’t be certain. I at once resolved to use only my contactless payment ring to pay in any public place henceforth and then headed home to begin the recovery process.
As for other precautions, by the way, I had long ago set the phone not display message previews when locked. You should do this too, immediately, in order to stop criminals from seeing the one time codes that some financial institutions still insist on using for security. Then I felt reasonably secure. After all, my bank cards were at home since I don’t take them out with me any more, so the criminals couldn’t have stolen my wallet to get my bank account numbers or anything else).
Restart
The next morning I went to the mobile phone store to pick up another iPhone and have my number ported to it. I logged in with my new Apple ID and the phone was restored. This went very smoothly and I was up and running within the hour, so the disruption to my life was minimised.
(Well, almost: over the next couple of days I found myself having to look up password to log in to everything again, but in the great scheme of things, it was survivable.)
Here then is my three point plan for surviving financial catastrophe after iPhone theft, based on my lived experience. If your iPhone is snatched:
- Use your laptop (or a friend’s laptop) log in to Apple immediately, wipe the iPhone and change your iCloud password.
- Use your spare phone (or a friend’s phone) and call the phone company get the number blocked.
- Call the police.
I survived, you can too.