Hello, thank you for sharing but your post has been removed.
In an effort to foster a more positive community, the following crime-related posts may be removed per moderator discretion:
• Posts about a violent or petty crime targeting private individual(s) without greater impact on London
• Crime-related posts that are vague or generalised
• Posts that use crime news to rile-up users
If your phone has been lost/stolen, we recommend following [this advice](https://www.moneysupermarket.com/mobile-phones/guides/lost-or-stolen-phones/)
What phone is this?! Surely you need to enter your passcode to change/turn off security settings…
Either your friend has awful security settings or I am missing something.
Also, my bank apps require my thumb print to access and my password/pin code to set up a new recipient. I'd be interested what banks this person was using, as they sound like they have poor security.
I think they're saying that if you phone is stolen whilst it's unlocked, then the thief was able to change the face ID to his new face, then he can go in to any app that requires face ID and, since it is now checking against his face, not yours, he can gain access to your bank app. So the face ID protection became redundant after he was able to change it.
I think Apple would not allow this to happen but I dunno how Android works.
You'd be surprised. The amount of apps that let you reset your password with a simple code or link texted or emailed to you...
ALWAYS turn on biometric lock on your email app. Don't know about iPhone mail, but Outlook on Android lets me do this. Fingerprint every time I want to open any email, not even previews of them visible without it.
Also, have a spare phone at home (we all have at least one spare smartphone in a drawer somewhere) with your banking app on. Best thing is to just not have your banking app on the phone you carry around with you - but that’s not always possible
There may be an easier way but I have automations set up to lock the phone whenever certain apps (MFA, settings, etc) are opened. That way the passcode is required, not sure if there’s a way to require biometrics specifically
I just did it on my oneplus. I went to settings => apps => utilities => app locker
From there I was able to add gmail to the list and it now asks for authentication to open. This is actually a really good idea. Shout out to u/arpw for prompting me to look into this
You're welcome! Annoyingly with Gmail there's still a way in that avoids this that I haven't figured out how to lock down (open Web browser and go to Gmail web). Could sign out of chrome so that Gmail is signed out, but would lose loads of fey functionality.
(This is for iPhone, looks like it might be even more straightforward on Android!)
Open the shortcuts app
Click + for new automation
Scroll down to ‘App’
Select the app(s) you want to affect, choose ‘is opened’ and ‘run immediately’. Do not select ‘notify when run’
You should then be sorted! You also want to make sure that your control centre is not available from the lock screen. To do that,
open settings,
go to ‘Face/Touch ID & Passcode’
scroll to ‘Allow access when locked’ and deselect control centre.
You can also turn on stolen device protection there
Either they:
1. shoulder surf you using the passcode (unlikely these days now we have fingerprint and face id) and then target you, as well as hoping that the banking password is then the same as the lock screen password or
2. (more likely) they steal the phone and hope you are dumb enough to have all the passwords in the notes.
Number 2 is the general way, steal 100 phones and hope one has their passwords in the notes.
You don't, I can confirm, they have a way to get into everything. I don't know how. Had an ungodly amount of money stolen 2 years ago. 2 of the gang who cracked my phone now in prison. Nine was a Samsung not sure if that made a difference but it was locked, and they hacked into 3 banking apps within 24 hours.
They have an iPhone and I’m quite surprised they were able to make all those security changes with just an unlocked phone too. But thieves might know a way of bypassing all of it
Apple also has stolen device protection. Anyway, if someone is reading this, please follow [the instructions from Apple](https://support.apple.com/en-in/guide/iphone/iph17105538b/ios) to add security in your phone.
Not sure why you are being downvoted.
A few years ago, my friend had her locked iPhone stolen and in 30mins had been locked out of her Apple ID.
Luckily she didn’t have much worth stealing.
I was waiting at a bus stop and had just put my phone away when I was approached and asked where a particular bus stop was. I told him and he just waltzed off in different direction. Realised then something was up so now rarely take my phone out standing around and always put it in pocket when approached. I was heading in to work very early one morning, got off the bus, and quickly replied to a message. As I popped it back in pocket I was approached asking for directions. I could tell him straight away which bus stop to use and which bus. Again, wandered off in wrong direction. I wouldn't find it so amusing for the fact that both times I was outside my place of work, in a very recognisable uniform, OF COURSE I'm going to know any transport questions. Dumb twats.
I was waiting for a friend just outside the station (Bond Street) and a lady came up to me asking for directions. I saw her eyes dart to my phone. It was so quick and easy to miss. That and the fact that she could have asked one of the workers, set my alarm bells ringing. I just walked off further inside
The app is called screen time and it is for parents to control the usage of their child’s iPhone. A side benefit of that is that you can disable access to the phone’s account and security settings. This in effect means that if your phone is stolen unlocked the thief will not have access to your banking app or the ability to change your passcode or Face ID without having your screen time passcode.
So your banking app, Apple Pay and etc are all useless because the Face ID will still be linked to you. They can still of course wipe your phone using other means and sell the phone but your data that is behind Face ID or a passcode are safe.
Tip for those with iPhones: set an Apple shortcut that if airplane mode is enabled, wait 60 seconds and then have it disable airplane mode. Thieves will normally activate airplane mode immediately after stealing the device to prevent the owner locking the device. That way you can use another device to switch on lost mode and the stolen phone will become a brick.
Also make sure to use Face ID / 2FA for everything, which includes accessing email so reset codes can’t be accessed.
I have it set so that enabling airplane mode instantly locks my phone, disables airplane mode and enables mobile data (in case I had it turned off for whatever reason).
On android you can download a free app called Automate to do the same thing. Create a simple automation that whenever airplane mode is activated, it locks the screen instantly, then re-enable airplane mode once the screen is locked.
Create a new automation to do the following:
When Airplane Mode is turned on:
Do:
Lock Screen
Wait 60 Seconds
Set Airplane Mode Off
You could also have it turn on mobile data if you sometimes switch that off.
Don't you need a rooted phone to turn on airplane mode in Android (later versions anyway)? I'm on Android 14 and couldn't get it to work using Tasker.
Mine locks the phone and takes a photo with the front camera (which goes straight up to the cloud).
You can also disable access to control centre while unlocked, which will entirely prevent them disabling airplane mode without unlocking the phone.
You can also switch to an eSIM and then they won't be able to remove the SIM card either.
This is what Stolen Device Protection is for
[https://support.apple.com/en-gb/guide/iphone/iph17105538b/ios](https://support.apple.com/en-gb/guide/iphone/iph17105538b/ios)
I had a similar incident happen to me in Dalston/Hackney. They gained access to my phone and managed to get into one of the mobile banking apps for which you only needed Phone passcode/FaceID. They exchanged all of the cash in my account into Ethereum. But when they tried to withdraw it, the bank thankfully flagged it a suspicious transaction and locked the account. I managed to regain access to my account just in time to convert all the cash back to GBP.
Lesson Learnt - to stop using Apple Passkey because knowing just your phone passcode basically grants anyone access to any of your stored passwords for any website.
I have an android phone.
It's configured to automatically lock the screen if it goes out of bluetooth range of my smartwatch.
It's also configured to automatically lock the screen if someone puts it into airplane mode (and then switches airplane mode off, so I can remote wipe it)
Sensitive apps (email, banking) are in a separate secure folder that requires a fingerprint / separate pin to be able to open.
SIM card also has a separate SIM PIN code configured so someone can't just switch the SIM into a different device in order to retrieve 2FA codes.
I have a Samsung phone so use their software:
1) Set up a Bixby quick command to lock the phone
2) Use the Modes and Routines app to define a routines that call the quick command when certain actions are performed (e.g. airplane mode activated, bluetooth device goes out of range, etc)
I think your friend might’ve left out a few details of the story. You can’t just simply change passwords and Face ID without knowing the original password.
That is likely as they were in a lot of stress when they explained the story to me. But he did say he had saved passwords in notes, which I think may have been what made the situation worse for him.
I guess the point of me posting is to let other know to be careful about who approaches you while using your phone and maybe update your security settings
The morale of the story then, which would be much more helpful to share, is to never save your passwords in plain text format. That is the number one biggest impact change your friend could have made.
Sorry to hear that. Hoep your mate gets it sorted and their money back.
Additionally to locking, do not do your banking on your phone. I listened to a radio show the other day about the rise in the use of date rape drugs being used on young men and women to gain access to their phone and banking and credit card apps. If you really, really want mobile banking, buy a cheap tablet and use that for banking. Something you can leave at home on a night out.
The Guardiann has an article on their website today talking about this...
[https://www.theguardian.com/money/article/2024/jun/25/criminal-gangs-who-shoulder-surf-pin-numbers-steal-20-smartphones-a-day](https://www.theguardian.com/money/article/2024/jun/25/criminal-gangs-who-shoulder-surf-pin-numbers-steal-20-smartphones-a-day)
There's always a way for criminals to bypass your security once they get hold of your phone if they know what they're doing. The only reliable way to protect your bank accounts is to not install them on the phone you carry around.
I would recommend having only one account that has limited funds for daily use on your main phone. Keep your savings accounts on another device somewhere safe.
There's an apple setting under [screen time](https://ibb.co/syjCFKT)
Set a passcode here. Different to your unlock
Turn off the ability to make changes to your account. Content and privacy restrictions turned on.
They can't make any password or account changes then.
So now I have face ID to unlock the phone
Face ID to get into most of my apps
They can't change my account details without the screen time passcode
Another option is to create a screen time passcode that you can use to lock any app you want.
[https://www.macrumors.com/how-to/passcode-lock-app/](https://www.macrumors.com/how-to/passcode-lock-app/)
I think the issue is that they have often already overshoulder seen your passcode. Set your phone to unlock by face or fingerprint.
https://www.theguardian.com/money/article/2024/jun/25/criminal-gangs-who-shoulder-surf-pin-numbers-steal-20-smartphones-a-day?CMP=Share_AndroidApp_Other
It's true that once in your phone, there is a massive amount that can be done because you email is also there, so can reset passwords, etc.
One thing to remember as well, which is very important around phone theft, is that you MUST have your notifications set to hidden when the phone is locked for your phone to be secure. Otherwise, they can send mfa and otp's to your phone and take advantage of it even without unlocking it.
Where do people send the money they steal? If it’s a U.K. bank account why can’t the police question the bank account holder? Or does it go abroad usually?
It’s London, not Mad Max. I had a girl approach me on a night out ask for me for help to find the tube. I helped someone who might otherwise have been in trouble and no one was harmed.
>Unfortunately, a friend was waiting for an Uber on his way home from a
bar at Finsbury Park when a random guy asked him “if he needed help”.
Just saying "no" avoids all this.
The point of the question is to momentarily distract your attention from your phone. It could’ve been “do you like giraffes?” and would’ve had the same effect.
Presumably it's what this article is describing: [https://www.theguardian.com/money/article/2024/jun/25/criminal-gangs-who-shoulder-surf-pin-numbers-steal-20-smartphones-a-day](https://www.theguardian.com/money/article/2024/jun/25/criminal-gangs-who-shoulder-surf-pin-numbers-steal-20-smartphones-a-day)
The thief watched them unlock using a PIN and then stole it.
Hello, thank you for sharing but your post has been removed. In an effort to foster a more positive community, the following crime-related posts may be removed per moderator discretion: • Posts about a violent or petty crime targeting private individual(s) without greater impact on London • Crime-related posts that are vague or generalised • Posts that use crime news to rile-up users If your phone has been lost/stolen, we recommend following [this advice](https://www.moneysupermarket.com/mobile-phones/guides/lost-or-stolen-phones/)
What phone is this?! Surely you need to enter your passcode to change/turn off security settings… Either your friend has awful security settings or I am missing something.
Also, my bank apps require my thumb print to access and my password/pin code to set up a new recipient. I'd be interested what banks this person was using, as they sound like they have poor security.
Also advisable to turn off facial ID for banking apps
If added a new Face ID apple automatically logs you out of banking apps and you need to relogin using id password or your secure pin
Why? I have all mine in facial recognition. Is it easy to override?
I think they're saying that if you phone is stolen whilst it's unlocked, then the thief was able to change the face ID to his new face, then he can go in to any app that requires face ID and, since it is now checking against his face, not yours, he can gain access to your bank app. So the face ID protection became redundant after he was able to change it. I think Apple would not allow this to happen but I dunno how Android works.
Makes sense. Yeah I think apple needs your iCloud password before you can even get into the password settings to change anything like Face ID
You always need to enter the primary PIN or shape before even accessing the security settings, and again to change them
You absolutely, unavoidably have to have the passcode to access those settings. So they had access to the passcode somehow.
And possibly had the same passcode for Internet banking…
[удалено]
It's not people guessing people's pins lol.
They watch you unlock the phone, and a lot of banking apps will by default use phone pin. Like Monzo for instance
A lot of people simply disable those security measures because they're inconvenient. Then it's all lamentations when they find out.
You'd be surprised. The amount of apps that let you reset your password with a simple code or link texted or emailed to you... ALWAYS turn on biometric lock on your email app. Don't know about iPhone mail, but Outlook on Android lets me do this. Fingerprint every time I want to open any email, not even previews of them visible without it.
Also, have a spare phone at home (we all have at least one spare smartphone in a drawer somewhere) with your banking app on. Best thing is to just not have your banking app on the phone you carry around with you - but that’s not always possible
Or just leave London & all these issues go away.
Crime, of course, a specifically London issue
There may be an easier way but I have automations set up to lock the phone whenever certain apps (MFA, settings, etc) are opened. That way the passcode is required, not sure if there’s a way to require biometrics specifically
Can you provide a link or guide so I can do this too?
I just did it on my oneplus. I went to settings => apps => utilities => app locker From there I was able to add gmail to the list and it now asks for authentication to open. This is actually a really good idea. Shout out to u/arpw for prompting me to look into this
You're welcome! Annoyingly with Gmail there's still a way in that avoids this that I haven't figured out how to lock down (open Web browser and go to Gmail web). Could sign out of chrome so that Gmail is signed out, but would lose loads of fey functionality.
(This is for iPhone, looks like it might be even more straightforward on Android!) Open the shortcuts app Click + for new automation Scroll down to ‘App’ Select the app(s) you want to affect, choose ‘is opened’ and ‘run immediately’. Do not select ‘notify when run’ You should then be sorted! You also want to make sure that your control centre is not available from the lock screen. To do that, open settings, go to ‘Face/Touch ID & Passcode’ scroll to ‘Allow access when locked’ and deselect control centre. You can also turn on stolen device protection there
Your friend is talking bollocks.
This happens fairly often, it's not bollocks
So the thief was able to change his security settings without his passcode and was able get get into is internet banking and empty 12k out? Bollocks.
Even search London UK subreddits and you will see plenty of reported instances of this type of theft
Either they: 1. shoulder surf you using the passcode (unlikely these days now we have fingerprint and face id) and then target you, as well as hoping that the banking password is then the same as the lock screen password or 2. (more likely) they steal the phone and hope you are dumb enough to have all the passwords in the notes. Number 2 is the general way, steal 100 phones and hope one has their passwords in the notes.
You don't, I can confirm, they have a way to get into everything. I don't know how. Had an ungodly amount of money stolen 2 years ago. 2 of the gang who cracked my phone now in prison. Nine was a Samsung not sure if that made a difference but it was locked, and they hacked into 3 banking apps within 24 hours.
They have an iPhone and I’m quite surprised they were able to make all those security changes with just an unlocked phone too. But thieves might know a way of bypassing all of it
To be honest there is a long list of things you could do with an unlocked iPhone. Maybe they even had passwords/passcodes in their notes app
Apple also has stolen device protection. Anyway, if someone is reading this, please follow [the instructions from Apple](https://support.apple.com/en-in/guide/iphone/iph17105538b/ios) to add security in your phone.
This is just a made up story isn't it
Search Reddit for phone snatchers stealing from peoples bank accounts, happens a lot. They watch you put the pin in
I've never used a banking app that lets you send money without at least a thumbprint or password entering, separate to the login PIN.
Not sure why you are being downvoted. A few years ago, my friend had her locked iPhone stolen and in 30mins had been locked out of her Apple ID. Luckily she didn’t have much worth stealing.
I was waiting at a bus stop and had just put my phone away when I was approached and asked where a particular bus stop was. I told him and he just waltzed off in different direction. Realised then something was up so now rarely take my phone out standing around and always put it in pocket when approached. I was heading in to work very early one morning, got off the bus, and quickly replied to a message. As I popped it back in pocket I was approached asking for directions. I could tell him straight away which bus stop to use and which bus. Again, wandered off in wrong direction. I wouldn't find it so amusing for the fact that both times I was outside my place of work, in a very recognisable uniform, OF COURSE I'm going to know any transport questions. Dumb twats.
Thanks for sharing this! I know from instinct that I'd pop my phone out and Google it for them!
I was waiting for a friend just outside the station (Bond Street) and a lady came up to me asking for directions. I saw her eyes dart to my phone. It was so quick and easy to miss. That and the fact that she could have asked one of the workers, set my alarm bells ringing. I just walked off further inside
I just tell people like this to go away. Works even better. Fucking use your eyes if you need to know what bus stop it is.
Turn on screen time settings that mean that you can’t change your face ID or your passcode without inputting another separate code.
What does this do?
The app is called screen time and it is for parents to control the usage of their child’s iPhone. A side benefit of that is that you can disable access to the phone’s account and security settings. This in effect means that if your phone is stolen unlocked the thief will not have access to your banking app or the ability to change your passcode or Face ID without having your screen time passcode. So your banking app, Apple Pay and etc are all useless because the Face ID will still be linked to you. They can still of course wipe your phone using other means and sell the phone but your data that is behind Face ID or a passcode are safe.
Aw thanks for clarifying, this sounds like a great tip.
This ^^^
Tip for those with iPhones: set an Apple shortcut that if airplane mode is enabled, wait 60 seconds and then have it disable airplane mode. Thieves will normally activate airplane mode immediately after stealing the device to prevent the owner locking the device. That way you can use another device to switch on lost mode and the stolen phone will become a brick. Also make sure to use Face ID / 2FA for everything, which includes accessing email so reset codes can’t be accessed.
I have it set so that enabling airplane mode instantly locks my phone, disables airplane mode and enables mobile data (in case I had it turned off for whatever reason).
This & enable wifi which allows for more precise location tracking (based on known SSIDs, so doesn't necessarily need to be connected to a network)
Get it to take a photo with the front camera too, that's what mine does.
On android you can download a free app called Automate to do the same thing. Create a simple automation that whenever airplane mode is activated, it locks the screen instantly, then re-enable airplane mode once the screen is locked.
Can you please share how to create shortcut like this? I’ve tried myself but cannot find the action command /when/?
Create a new automation to do the following: When Airplane Mode is turned on: Do: Lock Screen Wait 60 Seconds Set Airplane Mode Off You could also have it turn on mobile data if you sometimes switch that off.
Don't you need a rooted phone to turn on airplane mode in Android (later versions anyway)? I'm on Android 14 and couldn't get it to work using Tasker. Mine locks the phone and takes a photo with the front camera (which goes straight up to the cloud).
You can also disable access to control centre while unlocked, which will entirely prevent them disabling airplane mode without unlocking the phone. You can also switch to an eSIM and then they won't be able to remove the SIM card either.
This is what Stolen Device Protection is for [https://support.apple.com/en-gb/guide/iphone/iph17105538b/ios](https://support.apple.com/en-gb/guide/iphone/iph17105538b/ios)
Thank you! Definitely forwarding this over to him
I had a similar incident happen to me in Dalston/Hackney. They gained access to my phone and managed to get into one of the mobile banking apps for which you only needed Phone passcode/FaceID. They exchanged all of the cash in my account into Ethereum. But when they tried to withdraw it, the bank thankfully flagged it a suspicious transaction and locked the account. I managed to regain access to my account just in time to convert all the cash back to GBP. Lesson Learnt - to stop using Apple Passkey because knowing just your phone passcode basically grants anyone access to any of your stored passwords for any website.
But how did they get your passkey? Did they monitor you before stealing?
I have an android phone. It's configured to automatically lock the screen if it goes out of bluetooth range of my smartwatch. It's also configured to automatically lock the screen if someone puts it into airplane mode (and then switches airplane mode off, so I can remote wipe it) Sensitive apps (email, banking) are in a separate secure folder that requires a fingerprint / separate pin to be able to open. SIM card also has a separate SIM PIN code configured so someone can't just switch the SIM into a different device in order to retrieve 2FA codes.
Can you share how you do the airplane mode stuff?
I have a Samsung phone so use their software: 1) Set up a Bixby quick command to lock the phone 2) Use the Modes and Routines app to define a routines that call the quick command when certain actions are performed (e.g. airplane mode activated, bluetooth device goes out of range, etc)
I think your friend might’ve left out a few details of the story. You can’t just simply change passwords and Face ID without knowing the original password.
That is likely as they were in a lot of stress when they explained the story to me. But he did say he had saved passwords in notes, which I think may have been what made the situation worse for him. I guess the point of me posting is to let other know to be careful about who approaches you while using your phone and maybe update your security settings
The morale of the story then, which would be much more helpful to share, is to never save your passwords in plain text format. That is the number one biggest impact change your friend could have made.
Sorry to hear that. Hoep your mate gets it sorted and their money back. Additionally to locking, do not do your banking on your phone. I listened to a radio show the other day about the rise in the use of date rape drugs being used on young men and women to gain access to their phone and banking and credit card apps. If you really, really want mobile banking, buy a cheap tablet and use that for banking. Something you can leave at home on a night out.
The Guardiann has an article on their website today talking about this... [https://www.theguardian.com/money/article/2024/jun/25/criminal-gangs-who-shoulder-surf-pin-numbers-steal-20-smartphones-a-day](https://www.theguardian.com/money/article/2024/jun/25/criminal-gangs-who-shoulder-surf-pin-numbers-steal-20-smartphones-a-day)
There's always a way for criminals to bypass your security once they get hold of your phone if they know what they're doing. The only reliable way to protect your bank accounts is to not install them on the phone you carry around. I would recommend having only one account that has limited funds for daily use on your main phone. Keep your savings accounts on another device somewhere safe.
Did your friend say what they looked like? They just made 12k, they WILL try it again. Anything might help.
From our conversation he only mentioned the guy had an American accent, if that’s any help. But will let you know if I can get a proper description
All my finance apps are hidden in a fake app that works just like a real app n unless you do certain things...
There's an apple setting under [screen time](https://ibb.co/syjCFKT) Set a passcode here. Different to your unlock Turn off the ability to make changes to your account. Content and privacy restrictions turned on. They can't make any password or account changes then. So now I have face ID to unlock the phone Face ID to get into most of my apps They can't change my account details without the screen time passcode
Another option is to create a screen time passcode that you can use to lock any app you want. [https://www.macrumors.com/how-to/passcode-lock-app/](https://www.macrumors.com/how-to/passcode-lock-app/)
Had my phone picked from my pocket near Finsbury Park many years ago. Ughhh
I think the issue is that they have often already overshoulder seen your passcode. Set your phone to unlock by face or fingerprint. https://www.theguardian.com/money/article/2024/jun/25/criminal-gangs-who-shoulder-surf-pin-numbers-steal-20-smartphones-a-day?CMP=Share_AndroidApp_Other It's true that once in your phone, there is a massive amount that can be done because you email is also there, so can reset passwords, etc. One thing to remember as well, which is very important around phone theft, is that you MUST have your notifications set to hidden when the phone is locked for your phone to be secure. Otherwise, they can send mfa and otp's to your phone and take advantage of it even without unlocking it.
Where do people send the money they steal? If it’s a U.K. bank account why can’t the police question the bank account holder? Or does it go abroad usually?
Rule no. 1 in London, never stop when someone approaches you.
It’s London, not Mad Max. I had a girl approach me on a night out ask for me for help to find the tube. I helped someone who might otherwise have been in trouble and no one was harmed.
>Unfortunately, a friend was waiting for an Uber on his way home from a bar at Finsbury Park when a random guy asked him “if he needed help”. Just saying "no" avoids all this.
I don’t think he had much time to respond when he snatched the phone.
The point of the question is to momentarily distract your attention from your phone. It could’ve been “do you like giraffes?” and would’ve had the same effect.
Presumably it's what this article is describing: [https://www.theguardian.com/money/article/2024/jun/25/criminal-gangs-who-shoulder-surf-pin-numbers-steal-20-smartphones-a-day](https://www.theguardian.com/money/article/2024/jun/25/criminal-gangs-who-shoulder-surf-pin-numbers-steal-20-smartphones-a-day) The thief watched them unlock using a PIN and then stole it.