Modern smartphone security standards make it difficult for thieves to access personal data on your smartphone.
Chances are, if your smartphone is ever swiped by a criminal, they will need to wipe the device before using or re-selling it as it will be secured with a PIN or biometric authentication.
This is a good thing, too, as the amount of personal data we entrust to our smartphones has made their security of paramount importance.
If someone were to gain access to an unsecured smartphone, they could access the owner’s mobile banking app, their emails for two-factor authentication purposes, and even their credit card details through platforms like Google Pay.
Some smartphone thieves have attempted to trick their victims into supplying their credentials to access this sensitive information, as recently experienced by a MyBroadband reader.
Phishing iCloud details
A MyBroadband reader recently had their iPhone Xs stolen, and scammers took advantage of this to deliver the following mail to the owner:
Lost Device X 64GB Grey has been located and is online today at 16:31PM. Please use the link below to view its last location and track your lost device.
Clicking on the link presents the user with a fake iCloud login page on a website hosted in Russia, pictured below:
The page prompts the victim to input their iCloud sign-in details, which they are likely to do in an attempt to find their stolen iPhone.
Verifying the URL before inputting your credentials is crucial, but these scammers hope that the user is desperate enough to recover their stolen smartphone that they will not notice the various indicators which point to the website being fake.
Once they have entered their iCloud details into this portal, the Apple ID and password are automatically scraped and used to access the victim’s iCloud account.
The attackers can then access the victim’s banking details, stored photos, and lots of other sensitive information. If users fall prey to this phishing attack, they will need to cancel all bank cards and accounts connected to their iCloud account.
How to protect yourself
It is important to secure your smartphone using a PIN or biometric authentication to protect against thieves who wish to access your personal data.
In addition to this, you should only enter your Google or Apple credentials on the official websites. Do not click on any links provided in emails and ensure the URL is correct before logging in.
If your smartphone has been stolen, the safest choice is to note the device’s last known location and either lock the smartphone or wipe the device remotely.
You can do this through Google’s Find My Device portal or Apple’s Find My iPhone page if you have activated the relevant feature on your smartphone.
These tools can be used to track your smartphone, which may assist authorities in recovering the device. It is important that you do not provide your Google and iCloud login credentials to anyone, as these can be used to compromise almost every service linked to your smartphone.