If your cellphone were lost or stolen, you’d probably freak out, right?
Just think of all the sensitive personal information that’s on your mobile device: contacts, passwords and PINS, maybe credit card or bank account numbers. And what about all of those personal pictures and texts — maybe a bit too personal, that are stored on that device. Would you want someone else to see them?
And yet, most people don’t take even the basic steps to secure their mobile device. A new nationwide survey by Consumer Reports found that 34 percent of all smartphone owners do absolutely nothing, not even a simple code to lock the screen.
“This is one of the reasons why so many people’s accounts get hacked when their mobile phone is lost or stolen,” said security expert Robert Siciliano with BestIDTheftCompanys.com. “When the device is not password protected, anyone who finds or steals it has direct access to all of your accounts that automatically log-in as soon as an application is launched.”
Consumer Reports found that only 36 percent of the smartphone users have set a 4-digit PIN to lock their phone.
“Four digits are better than nothing, but the strongest passcodes have at least eight digits in them and have a mix of letters, numbers and symbols,” said Mike Gikas, a senior electronics editor at the magazine.
Even fewer people take more aggressive measures to protect the data on their phone, such as:
- Install software that can find the phone if it’s lost: 22 percent
- Install an antivirus app: 14 percent
- Use a PIN longer than 4 digits, a password or unlock pattern: 11 percent
- Install software that can erase the data on the phone: 8 percent
- Use security features other than screen lock, such as encryption: 7 percent
“I’m not surprised by these low numbers,” said Timo Hirvonen, a senior researcher at the global security firm F-Secure. “Most people don’t see the need for security on their mobile devices. This is very short-sighted considering the kinds of information people have on them and access with them.”
The world is going mobile — and so are criminals.
That smartphone you carry around with you all day long is now a lucrative target for cyber-thieves who want to gain access to your personal information.
“That smartphone is a computer, like any other, and there’s just as much risk of being a victim if you don’t take the proper security precautions,” said Alphonse Pascual, a senior analyst for security, risk and fraud at Javelin Strategy Research. “Criminals are targeting those devices and people need to understand that.”
Malware is a very real threat, especially for Android devices. The same type of viruses and other malicious software that can infect your desktop or laptop — and spy on everything you do – are now being launched at mobile devices.
“They can record your user names and passwords, the websites you visit, the text messages or emails you send and receive — it’s pretty scary,” Siciliano said. “You need to protect your mobile devices with antivirus, anti-spyware and other security software.”
Here are some other things you can do:
- Set the phone to lock after one minute or less.
- Does your phone have a setting that will erase all the data if there are too many — typically more than 10 — unsuccessful attempts to enter the password? If so, enable it.
- Update the operating systems, apps and programs as soon as you are notified. These updates often contain security enhancements and patches for vulnerabilities.
- Use a “find my phone” app that lets you locate the phone if it’s lost or stolen and erase all the data remotely.
- Stick with trusted app stores. This won’t guarantee “clean” software, but it will greatly reduce the risk.
- Don’t click links in an email, text or social network on your mobile device. It could lead you down a rat hole.
Consumer Reports estimates that more than 4 million smartphones were stolen or lost (and never recovered) last year. Should this happen to you, change the passwords and PINs on all of your accounts. If you use your mobile device to shop or bank, contact your financial institution and credit card companies. You should also file a police report. You may need this to dispute fraudulent charges on your credit or debit card account.
The editors at Consumer Reports have just published 5 Steps to Protect Your Smartphone from Theft or Loss.
More from CNBC
- Cellphone Thefts Soar as Advocates Hail ‘Kill Switch’
- Mobile Addiction Growing At an Alarming Rate
- Unlocking the World’s Unbanked with Mobile Phones
One reason why Marquis’ gas purchases might have triggered a fraud lockdown? Filling their tank is a common first move for credit card thieves.
“Some of the things they look at are small-dollar transactions at gas stations, followed by an attempt to make a larger purchase,” explains Adam Levin of Identity Theft 911.
The idea is that thieves want to confirm that the card actually works before going on a buying spree, so they’ll make a small purchase that wouldn’t catch the attention of the cardholder. Popular methods include buying gas or making a small donation to charity, so banks have started scrutinizing those transactions.
Of course, it’s not a simple matter of buying gas or giving to charity — if those tasks triggered alerts constantly, no one would do either with a credit card. But Levin points to another possible explanation: Purchases made in a high-crime area are going to be held to a higher standard by the bank.
“It’s almost a form of redlining,” he says. “If there are certain [neighborhoods] where they’ve experienced an enormous amount of fraud, then anytime they see a transaction in the neighborhood, it sends an alert.”
(Indeed, Erin tells me that one of the gas purchases that triggered an alert took place in a rough part of Detroit, which she visited specifically for the cheap gas.)
People who steal credit cards and credit card numbers usually aren’t doing it so they can outfit their home with electronics and appliances. They don’t want the actual products they’re fraudulently buying; they’re just in it to make money. So banks are always on the lookout for purchases of items that can easily be re-sold.
“Anytime a product can be turned around quickly for cash value, those are going to be the items that you would probably assume that, if you were a thief, you would want to get to first,” says Karisse Hendrick of the Merchant Risk Council, which helps online merchants cut down on fraud. Levin says electronics are common choices for fraudsters, as are precious metals and jewelry.
Many thieves don’t want to go through the rigmarole of buying laptops and jewelry, then selling them online or at pawnshops. They’d much prefer to just turn your stolen card directly into cold, hard cash.
There are a few ways that they can do that, and all of them will raise red flags at your bank or credit union. Using a credit card to buy a pricey gift card or load a bunch of money on a prepaid debit card is a fast way to attract the suspicions of your credit card issuer. Levin adds that some identity thieves also use stolen or cloned credit cards to buy chips at a casino, which they can then cash out (or, if they’re feeling lucky, gamble away).
When assessing whether a purchase might be fraudulent, banks aren’t just looking at what you bought and where you bought it. They’re also asking if it’s something you usually buy.
“The issuers know the buying patterns of a cardholder,” says Hendrick. “They know the typical dollar amount of transaction and the type of purchase they put on a credit card.”
Your bank sees a fairly high percentage of your purchases, so it knows if one is out of character for you. A thrifty individual who suddenly drops $500 on designer clothes should expect to get a call — or have to make one when the bank flags the transaction. If you rarely travel and your card is suddenly used to purchase a flight to Europe, that’s going to raise some red flags.
Speaking of Europe, the other big factor in banks’ risk equations is whether you’re making a purchase in a new area. I bought a computer just days after moving from Boston to New York, and had to confirm to the bank that I was indeed trying to make the purchase. Levin likewise says that making purchases in two different cities over a short period of time raises suspicions.
“I go from New York to California a lot, and invariably someone will call me [from the bank], ” he says. Since one person can’t go shopping in New York and California at the same time, any time a bank sees multiple purchases in multiple locations in a short period, it’s going to be suspicious.