My commute to the office last Wednesday was unexpectedly dramatic. As the doors of the Tube carriage shut, a mobile phone was snatched from the hands of the passenger opposite. As the train pulled off, she could do nothing but watch the thief flee down the platform.
So-called snatch thefts have surged by 150 per cent in the past year. I fell victim myself last spring as I waited to board a London bus, and have grimly watched government and industry efforts fail to slow this crime wave.
The overseas trade in stolen handsets is one driver. Apple’s “Find my iPhone” software eventually showed mine resurface in a Chinese container port. But accessing digital wallets, financial apps and personal data on our phones is the more immediate and lucrative goal for organised crime. Losing an expensive device is a blow. But becoming the target of subsequent fraud and extortion attempts and losing thousands is worse.
This week, powers for police to raid properties where stolen items are geolocated were announced as part of the UK’s new crime and policing bill. But disrupting the networks behind this complex, cross-border crime requires a multipronged approach from international lawmakers and the tech and telecoms industries.
My own case was closed with an email the same day, even though I could see my phone ping from multiple shops and addresses — a common frustration for victims. Yet even if the police had the resources to chase after all these stolen handsets, we should not kid ourselves it would solve the problem.
It can take less than 10 minutes for criminals to extract money and data if they have snatched an unlocked handset, or covertly observed victims entering their screen-lock passcode, says Tony Sales, a reformed fraudster who founded the crime prevention consultancy We Fight Fraud.
“The gangs behind this will have everything lined up, with money mule accounts ready to transfer stolen money into,” he says, referring to those — often very young — who permit stolen funds to be routed through their accounts, for a small fee. Handset thieves can be coached remotely by more knowledgeable gang members, making it hard for authorities to catch the kingpins.
“As the street starts to understand the wider fraud potential, this problem will grow,” predicts Sales. Most people are worried about their digital wallets and bank accounts being compromised — but not their email. This is the next frontier, from phishing emails and malware ransom scams to the rise of “email from the boss” fraud as corporate contacts are sold on the dark web.
Commuters present an attractive target. 5G connectivity on much of London’s Tube network means it is common for whole carriages of passengers to be glued to their phones. On my recent commute, nobody was able to describe what the phone snatcher looked like.
Tech companies are coming up with impressive antitheft innovations to make it harder for criminals to compromise devices — although these will only protect consumers when activated.
On Android, Google’s theft detection lock uses AI to sense sudden movements that could indicate a phone has been snatched, automatically locking the screen. A “private space” feature enables users to create a separate area for sensitive apps, locked with a PIN. Both Apple and Google have boosted passcode security features — such as restricting any changes to familiar locations. All of this buys victims more time to log on remotely and lock down or wipe stolen devices.
Banks are also adding new layers of app security. Even if criminals have the compromised passwords and biometric face recognition data, Revolut’s aspirationally named “wealth protection” feature means attempts to transfer money out of a customer’s savings, crypto or investments will trigger a fresh selfie ID check.
Striking a balance between the ease of using your device against ease of access for criminals is a highly personal call. After my own phone was snatched, I offloaded many financial apps to the at-home iPad. I disabled “message preview” to make it harder for thieves to view one-time passcodes and set the shortest possible time before my screen locks automatically. Mildly annoying but nothing compared with the stress of losing your phone.
Others favour physical restraints, like phone lanyards and bandoliers. Not using your phone in public is arguably better — easier said than done.
Given the growing amount of personal, financial and medical data on our phones, last week’s Home Office clash with Apple, which led to the withdrawal of its most secure cloud encryption services from the UK, is remarkably ill-timed. Yes, we need to crack down on the fraud gangs. But this shouldn’t come at the cost of compromising safety for millions of consumers.
Claer Barrett is the FT’s consumer editor and author of the FT’s Sort Your Financial Life Out newsletter series; claer.barrett@ft.com; Instagram and TikTok @ClaerB