Fraudsters “Shoulder Surfing” to Steal Phones


Criminals are becoming increasingly adept at targeting individuals to exploit vulnerabilities in mobile banking apps, according to a senior fraud officer in the UK.

Detective Superintendent John Roch emphasizes that the technology behind these apps is secure, but criminals are honing their techniques to exploit human behavior.

Typically, thieves engage in “shoulder surfing,” observing victims as they enter their PINs before stealing their phones.

The financial repercussions of this type of crime can be substantial.

“It’s just a phone… but if you don’t take the necessary precautions and protective measures, it’s like walking around with a bag of cash,” warns Detective Superintendent Roch, head of economic crime at the Metropolitan Police in London.

“Considering it from that perspective, would you enter a bar, place your cash on the counter, and turn your back on it? Probably not.”

Detective Superintendent Roch acknowledges that it is impossible to determine the exact number of victims, but even if the scale of the crime appears small, its impact can be devastating.

“It’s not a widespread issue, but it does exist, and we do encounter it… [however], the potential consequences are catastrophic for the victims,” he affirms.

“Once criminals gain access to your phone and subsequently your banking apps, they have complete control over your savings, your entire life, and any valuable information stored on that financial application.”

Jake Moore, an employee at the cybersecurity firm ESET who previously led the digital forensics unit at Dorset Police, explains that criminals often employ “shoulder surfing” tactics to obtain victims’ PINs before stealing their phones through methods such as mugging, pickpocketing, or drink spiking.

They then use the acquired PINs to unlock the stolen phones and attempt to access banking apps. Additionally, they search the notes section of the phone for banking passwords or PINs.

Last year, Jacopo de Simone had over £22,000 of his life savings stolen after falling victim to pickpocketing and losing his phone during a night out.

Initially, he felt frustrated and annoyed upon realizing his phone was missing, but the next morning, when he logged into his online banking, he discovered that all his money had been stolen.

“I was completely taken aback; my thoughts froze, and I tried to gather my senses, thinking ‘OK, what’s the best course of action here?’

“It was utterly frightening and distressing to witness all my hard-earned money being taken away from me.

“I was in a state of shock, wondering how this could have happened.”

After a ten-month struggle with his bank to prove his innocence, Jacopo was eventually reimbursed for the stolen funds.

However, the initial crime and subsequent ordeal have drastically changed Jacopo’s perception of using mobile banking apps.

“This experience completely transformed how I approach my banking apps today,” he states.

“I try not to keep the apps directly on my phone.”

“The threat of losing my phone and having all my money easily accessible is not worth the convenience.”