‍What is phone theft?

Phone theft is when someone steals your phone, often with the intention to resell it or steal your identity. Whether your phone gets plucked from your back pocket at a dark bar, grabbed from your hands on a crowded subway, or stolen at gunpoint, the victim’s experience of phone theft ranges from terrible to down-right terrifying. Unfortunately, for many victims, phone theft goes from bad to worse when it leads to identity fraud. That’s why it’s included in Prove’s list of 8 major fraud types.

‍When is phone theft most common?

People often have their phones stolen while traveling and during the holidays. 

‍How does phone theft lead to fraud?

When Jocopo de Simone’s phone was stolen from his pocket on London Bridge, he never expected the crime to make headlines. That’s ultimately what happened, however, when shortly after his phone was stolen, his bank account was drained. Jocopo was flummoxed as to how a pickpocket could gain access to his life savings but felt confident he would be reimbursed. When the bank refused to reimburse Jacopo, citing gross negligence, the police and an investigator from the Financial Ombudsman Service (FOS) had to get involved. While the bank claimed that Jacopo must have shared his PIN with someone else, Jacopo swears he did not. If Jacopo is telling the truth, the question then becomes: how are phone thieves bypassing security controls to not only access a user’s smartphone (typically protected by a PIN and facial recognition) but also the user’s banking apps? 

What is phone theft fraud?‍

According to cybersecurity expert Dr. Jessica Barker, there is an established playbook that fraudsters use to defraud victims via phone theft:

1. Criminals 'shoulder surf' a victim to learn their PIN, meaning they sneak a peek at the victim’s phone to watch them enter their PIN.
2. Criminals steal the victim’s phone using a variety of methods including violent muggings, dangerous drink spiking, and silent pickpocketing.
3. Criminals use the PIN to unlock the victim’s phone and then try the same PIN to access banking apps
4. Criminals search the phone's notes section for banking passwords or PINs.

‍

After stealing a victim’s savings, fraudsters can wreak havoc by accessing their other digital accounts. They do this by requesting password resets for commonly used banking, investing, and crypto platforms and waiting for the OTP to be sent to the stolen phone. With the OTP sent to the stolen phone, they can easily reset the account’s password, gaining complete control. This part of the fraud vector resembles SIM swap fraud. 

How can you protect yourself from phone theft?

There are a few very important rules every smartphone user should follow to protect themselves against this unique fraud vector.

• Beware of thieves: sometimes we forget how valuable smartphones are to criminals. You probably wouldn’t pull out a wad of cash on a crowded train, but most people don’t think twice before checking their phone anywhere and everywhere. Don’t forget how expensive your smartphone is. To avoid becoming a victim, exercise discretion when using your phone in public places. Avoid storing your phone in your back pocket or placing it on tables during meals. 
• Prevent shoulder-surfing: One important step in protecting yourself from phone theft-related fraud is to prevent "shoulder surfing." This is when criminals try to steal your PIN or password by looking over your shoulder as you enter it on your phone. To avoid this, make sure to shield your phone screen from prying eyes while entering sensitive information. Use your hand or a privacy screen to block the view of the screen when entering your PIN or password, especially in crowded areas. Additionally, try to choose a spot where nobody can stand behind you while you use your phone, and if possible, adjust the brightness of your screen to make it harder for others to see what you're doing. By taking these precautions, you can minimize the risk of someone stealing your personal information and using it to commit fraud. Side note: shoulder surfing can be conducted by security cameras as well. 
• Fortify your smartphone: Use two different PINS for your phone and your banking app. If a fraudster discovers your PIN by “shoulder surfing,” the first thing they will do after stealing your phone is to try the PIN on your banking apps. The second thing they’re going to do is look in your notes app for that list of passwords you keep. At the very least, lock this note with another unique password or, better yet, avoid writing those passwords down, to begin with.
• Enable remote device wipe. If you can’t find your phone, use a service like “Find My Phone” to locate it. If your phone’s location is moving, chances are it was stolen. At this point, you are in a race against time and it’s critical for you to remotely wipe your phone so you can protect your data from prying eyes and stop identity fraud from occurring. Learning how to remotely wipe your phone before there is an incident is a great way to be prepared. Note: if you lose your work device, contact your IT department immediately. 

How can companies help protect users against fraud stemming from phone theft?

Banks, financial institutions, and companies all play a critical role in protecting customers from fraud that stems from smartphone theft. When the victim contacts their mobile carrier to suspend the phone line and conduct a SIM swap, Prove’s Trust Score and Trust Score+ will detect these changes. By leveraging these metrics in their decisioning flow, banks, financial institutions, and companies can opt not to send OTPs to these phone numbers. As a result, companies can prevent a simple phone theft from turning into a devastating fraud event. 

What is Trust Score+ and how does it work?

Trust Score+ is a dynamic metric that evaluates a phone number’s reputation in real time, providing an effective means for identity verification and authentication. Trust Score+ scrutinizes signals from authoritative sources during a transaction to detect and deter fraud, such as SIM swap fraud and other account takeover schemes. This score can be used across various scenarios to secure the customer experience.

A common application of Trust Score+ is to determine the trustworthiness of a phone line before sending a one-time passcode (OTP), which helps to identify potential risks like an insecure VOIP line, SIM swap, and low SIM tenure. Companies can make an informed decision about sending OTPs by checking the Trust Score first. For example, if the score indicates a recent SIM swap, the company may choose to verify the consumer's identity using an alternative method instead of sending an OTP.

The scores range from 0-1000, with a higher score indicating a higher level of trust. Scores over 630 are typically considered 'high', while scores of 300 and below are categorized as ‘low’. Trust Score's risk model considers various phone intelligence signals, such as phone tenure, line attributes, account activity, and device activity, to evaluate the level of risk associated with a phone number.

Conclusion

Phone theft is a serious problem that can lead to various issues for victims, including identity fraud and stolen funds. Fraudsters use an established playbook to bypass security controls to access users' smartphones and banking apps. To protect oneself from phone theft, it is essential to exercise discretion when using a phone in public places, fortify the phone by using two different PINs for the phone and banking app, and know how to remotely ‘wipe’ your phone and restore it to factory settings. Companies can protect users and their bottom line by leveraging dynamic metrics like Trust Score and Trust Score+ to determine the trustworthiness of a phone number before sending OTPs, thereby preventing phone theft from turning into a devastating fraud event. By taking necessary precautions and being vigilant, individuals and companies can protect themselves from the damaging effects of phone theft and identity fraud.

Want to stop fraud related to phone theft? Speak with a fraud expert today. ‍