The South African Banking Risk Information Centre (SABRIC) is warning South Africans against mobile phone snatching fraud.
While the theft of mobile phones is nothing new, SABRIC said there is an emerging trend where personal and confidential information from these phones is used to commit crimes.
SABRIC said people should be aware that their phone stores far more information than what they may be aware of.
“This is even more applicable if you use your mobile device to do your banking. Remember, your phone is equal to a bank card and could even act as a gateway to your bank account,” SABRIC said.
“Because so much sensitive information is on our phones, we need to take mobile security very seriously,” said SABRIC acting CEO Susan Potgieter.
How criminals access information on your phone
There are a number of ways that criminals can access information stored on your phone if it is stolen.
One way is to access all open applications on your unlocked phone and view your sensitive data.
Another is to use social engineering to obtain your usernames and passwords stored in the cloud.
Tactics used could be vishing, where criminals call you and manipulate you into believing that they are from the bank to coerce you into revealing confidential information like PINs or passwords.
Criminals can also use phishing, where you are sent an email, which you believe to be from your bank or a legitimate service provider.
The phishing emails typically contains a link which opens a web page which asks you for your PIN or passwords.
Potgieter said once your password has been compromised, all other credentials on your phone are available and may be exploited.
“In addition to social engineering, your credentials could also be compromised through shoulder surfing in public places such as restaurants,” she said.
What you should do if your phone is stolen
When your mobile phone is lost or stolen, you should immediately contact your bank to deactivate your banking app, block cards, and block your bank account.
“Make sure you always have your bank’s hotline number stored somewhere other than on your mobile phone,” said Potgieter.
If you have activated the ‘Find My iPhone’ or ‘Find my Device’ facility, locate or wipe your device.
“If you receive an email or SMS after doing this, don’t click on any links as these are not safe,” she said.
“When a bank client’s mobile phone is stolen, they tend to focus on protecting their photos and social media profiles – however, their highest priority should be protecting their money.”