Table of Contents
- Shoulder surfing is a scam tactic on the rise in the UK
- Why it is not safe to have the same password for your phone and your mobile banking
A major bank’s fraud chief is warning customers about a rise in the number of criminals targeting potential victims for mobile phone passwords.
This sinister tactic has been around for decades when it comes to stealing ATM debit card PINs, but the more modern twist involves pinching your phone and then scammers using the code to access it.
From there, they hope to access a number of financial apps, with many of them now managing their money online.
And the head of Santander Fraud Risk also warns customers not to use the same password for their phones and mobile banking.
Distracted: Many phone users are at risk of being defrauded as they let their guard down when entering their PIN in public spaces, such as on transport networks.
Chris Ainsley, head of fraud risk management at Santander, said: “It’s incredibly important that your phone passwords and digital banking credentials are different and secure.
‘Be sure to never share your password with anyone else or use the same code elsewhere; For example, you must have different codes for your card PINs than those used to access your phone and any applications.
‘Biometric authentication (fingerprint or facial recognition) can be a useful way to help protect your device.
“Always protect your devices with a PIN or password, even if they come with biometric protection.”
The fact that you can set your own password for mobile banking means that some people will use the same password they use to unlock their phone for ease, even if they intend to change it later.
But this leaves you vulnerable when it comes to criminals.
All a scammer has to do is watch you enter your phone password over your shoulder and, once they’ve stolen your phone, try their luck with the same code on their mobile banking apps.
If the passwords are the same, they will have access to all your money.
Those who do not have biometric authentication, such as Face ID, set up for their mobile banking are the most vulnerable to this tactic.
Face ID can add an extra layer of protection to mobile banking because it means someone else can’t log into your mobile banking using your PIN.
But scammers are also on the lookout for those who have just unlocked a phone or used Face ID to log into mobile banking before passing on their devices.
Figures from UK Finance show that in the first six months of 2023, £38.2 million was lost due to face-to-face retail fraud. This type of fraud covers all transactions that take place in person or in a store.
UK Finance said: “The majority of this fraud occurs using cards obtained through low-tech methods, such as distracted theft and ATM entrapment devices, combined with shoulder browsing.”
There was a 14 percent increase between 2022 and 2023 in value lost from this type of fraud.
Shoulder surfing: what to pay attention to
Make sure you have different codes for your card PINs and those used to access your phone and any mobile banking apps.
Be aware of your surroundings and make sure you don’t try to log into mobile banking in a place where people can look at your screen, especially if you are in a busy place, such as on public transportation.
It’s also very possible that they can see your screen in the reflection of the windows of buses and trains, for example, so be very careful.
Consider enabling biometric authentication that requires your fingerprint or facial recognition to access your device and now, increasingly, your mobile banking.
This way, someone looking over your shoulder won’t be able to memorize your PIN or password.
