Eight phone settings you should change NOW to stop thieves draining your bank accounts - our essential guide
Britain is facing an epidemic of mobile phone thefts, with a record number of smartphones snatched on the streets this year.
But when your phone is stolen, it’s not just your handset that is taken – your entire financial life can be put at risk.
With banking apps and reams of personal data stored on our smartphones, scammers could drain savings accounts, sell your personal information on the black market or take out debt in your name.
E-bike gangs grabbing phones from people’s hands have become a widespread menace across the UK. Thieves also target smartphone users in bars, restaurants and public transport.
In the year to March 2024, police-reported thefts from a person in England and Wales hit 131,453 - the highest level in more than two decades, according to the Office for National Statistics.
This type of crime, which includes pickpocketing and snatching smartphones on the street, has rocketed by 18 per cent in the past year. One in three stolen items is a smartphone.
Bodily theft in England and Wales has hit a two-decade high, with mobile phones being targeted on our streets for the vital monetary information they can hold
London is a hotbed of mobile phone theft. Thefts on the Underground more than trebled from 3,159 in 2021 to 11,363 in 2023, according to an exclusive Freedom of Information request by MoneySuperMarket Home Insurance to British Transport Police.
Reena Sewraz, money expert at consumer association Which?, says: ‘Some thieves “shoulder-surf” their victims before stealing the phone, meaning they watch them enter their passcode. If this is the same passcode used for other apps, thieves could access a treasure trove of sensitive information.’
Here’s a checklist to protect your smartphone so you can stand the best chance of keeping your finances and personal data secure.
Use a six-digit passcode
Secure your phone so that it can only be unlocked with a passcode, Face ID or fingerprint recognition. Wayne Denner, an online security expert, says: ‘Use a Pin that’s at least six digits rather than four, which many people use.’
This is because the longer passcode is harder for thieves to memorise.
You should also steer clear of predictable passcodes such as your date of birth, either forwards or backwards.
You can update your passcode and security log in the settings on your phone.
On Apple phones click ‘Face ID & Passcode’ in the settings menu. The way to change your passcode could vary between Android devices but search for ‘screen lock’ in the settings search bar and this should bring up an option to create or change your passcode.
Securing your phone using Face ID or fingerprint recognition means you can avoid typing in your passcode when thieves are watching.
Try switching from four-digit to six-digit passcodes to beef up protection, but don't make them too predictable
Set up Find My
Enable Find My iPhone (for Apple phones) or Find My Device (for Android gadgets) to track your phone. This feature will let you remotely lock or erase the device if needed. This can be invaluable if your smartphone falls into the wrong hands and you want to prevent them from accessing information you have stored on it.
Find My iPhone and Find My Device are both apps that should be pre-installed on your phone. Go to your homescreen and use the ‘search’ function to find it.
In the case of iPhones, you can also set up Find My iPhone on another Apple device, such as an iPad or Mac.
Then, if your phone is stolen, you can track your phone’s location, make your device play a sound to locate it, lock it or erase it entirely. This can prevent your personal information from falling into the wrong hands and stop criminals from gaining access to your banking app.
You can also use ‘Family Sharing’ to add your phone to a friend or family’s account. This is another way you can control your smartphone remotely.
To set it up, go into the settings on your phone and click on your name. Then follow the instructions.
To wipe the information stored on an Apple product, click on the device you want to erase and select ‘erase this device’. You’ll need your Apple ID username and password to do this.
On an Android gadgets, click the device you want to erase and select ‘factory reset device’.
This will permanently delete all data on your device. However, if you have a separate memory stick on your phone, called an SD card, this may not be wiped. The device’s location won’t be available in Find My Device after you’ve erased it.
You can lock your SIM card with a Pin code so that every time you swap them or restart your phone, the user has to enter the Pin for it to work
Set up a SIM Pin
You can lock your SIM card with a Pin code. Every time you swap SIM cards or restart your phone you must enter this Pin. Mr Denner says: ‘A SIM Pin prevents calls and data from being made or used from your SIM if someone steals your device and uses the SIM in another phone or device.’
The Pins are typically four digits long.
You can set this up on iPhones by going into the settings, clicking ‘mobile service’ and then ‘SIM Pin’ to choose your code.
On Android phones go to the security tab in the settings menu or search ‘SIM lock’ in your settings search bar.
You could be asked to enter in your SIM Pin, even if you haven’t set one up. Contact your network provider or check official documents that came with your SIM card to find out the default SIM Pin. Do this before trying to change your Pin or you could lock yourself out of your device. If you enter the wrong Pin three times the SIM will stop working. If this happens, contact your network provider for help.
Delete official photos
Never store photos of official ID on your phone, whether in photo albums or messages.
Kara Gammell, of MoneySuperMarket Home Insurance, says: ‘Thieves who are able to unlock your phone can search for pictures of documents simply by typing the word “passport” or “driver’s license” and can be used to steal your identity.’
If a thief gains access to your name, age, address and passport number they could impersonate you to open bank accounts and take out credit.
If you do have passport or driving licence details stored on your phone and your device gets stolen, look out for mail from your bank or utility provider which doesn’t arrive, items you don’t recognise on your bank statement or refusal of credit cards or loans as these could indicate your identity has been stolen, the Information Commissioner’s Office warns.
It says you could lose money or find it difficult to get credit or a mortgage if this happens.
You should also check the documents on your phone stored in the ‘files’ app. Travellers sometimes store documents of scanned passports or driving licences here. Thieves could also check this section of your phone for official documents.
Setting up facial recognition when booting up banking apps adds an extra layer of protection
Use two-factor authentication
Set up two-factor authentication (also known as 2FA) on your banking apps, social media and email accounts.
This is an extra layer of security that requires two distinct forms of identification in order to access an account, website or app.
The first factor involves putting the correct password to log into your account, and the second usually includes a text message or email being sent, containing a code that you must enter to confirm your identity.
To set this up, go into your ‘advanced settings’ – you should find it in the ‘sign-in and security’ option. You may be prompted to download an authenticator app, which will issue you with a new code to input into your phone each time you try to log into your emails, for example.
Thieves attempting to log on to your email account may not be able to access the authenticator app if you have set up Face ID. This means they will not be able to get to your emails. Authenticator apps include Google Authenticator and Microsoft Authenticator.
Make sure that you also download the app on a separate device, such as your desktop, so that you can get into your emails if you no longer have your phone.
Use a password manager
Consider using a password manager, such as Bitwarden or 1Password, on another device to keep track of your passwords. This is an app on your phone, tablet or computer that stores your passwords so you don’t need to remember them.
They can be downloaded from your phone’s app store, which is the App Store on Apple devices and typically Google Play Store on Android phones.
This way your passwords are secure and easily accessible if needed – and you can pick more complicated, secure passwords since there is no need to memorise them.
You need to create a master password which will allow you to access all your passwords.
Password managers can also let you know if you’ve duplicated a password on different accounts or spot fake websites, the National Cyber Security Centre (NCSC) says.
If your phone is stolen, you can then access your accounts and quickly change passwords or log yourself out across all devices to stop the thieves from gaining access.
But beware – if a thief manages to access your password manager they will have access to all of your accounts.
The NCSC recommends you turn on 2FA on the password manager account, choose a strong master password and install updates to the password manager as soon as you are prompted.
Activate stolen device protection
Apple’s latest software update includes a feature called ‘stolen device protection’. This adds extra security if someone is trying to use your phone anywhere that is away from familiar locations.
It doesn’t affect day-to-day functionality of the phone when used in new locations. However, if you try to make less common changes, such as changing your Apple ID password, you will face additional security.
For example, you may be required to wait for an hour and then perform a second Face ID or Touch ID authentication in order to change your Apple ID password, and there is no option to use a passcode. It is designed to give you time to report your device as lost and block certain accounts before thieves can get into vital accounts and make changes.
The security feature will not be automatically enabled. To turn on Stolen Device Protection, you must use two-factor authentication for your Apple ID and set up or enable the following on your iPhone: a device passcode; Face ID or Touch ID; and Significant Locations (Location Services). You also need to have the Find My feature turned on, and you can’t turn it off while Stolen Device Protection is enabled.
Go to your settings, click on Face ID & passcode, enter your device passcode and tap ‘Stolen Device Protection’.
Record your IMEI number
The International Mobile Station Equipment Identity (IMEI) number is a 15 to 17-digit number that identifies a phone which can be used to block your device if stolen. You can provide this number to your mobile network provider by calling customer support and the police when filing a crime report to help them recover your phone.
You can find your IMEI number by dialling *#06#. You’ll see your IMEI number displayed on your screen. If you have an Apple phone, you can find the number in your settings if you click on ‘general’ and then ‘about’. On Android phones go to the settings and ‘about phone’.
Blocking an IMEI number renders the phone unusable as a communication device, making it hard for thieves to use. Your phone gets added to a blacklist shared by mobile phone carriers, which means if anyone tries to use the device with a SIM card from any network provider that uses this list, the device won’t register on the network.
You may be liable for all charges run up on your phone until you report it as lost or stolen to your provider, so it is important that you do so quickly.
Turn off screen notifications
Go to your settings, ‘notifications’ and turn these off to hide messages from apps popping up on the lock screen. This will mean that you still receive a notification that you have received a message, but the contents will not be visible until you have unlocked the phone.
Denner says: ‘Even if a thief can’t unlock your device, screen preview notifications might let them see two-factor authentication codes, giving them access to your account.’
This will also mean a thief won’t be able to get the security code to authorise an online transaction, which could come through as a text message, without gaining access to your phone.
Be on high alert
Be careful when using your handset out and about. Keep your wits about you when using it on the street as thieves on motorbikes can appear out of nowhere.
If you’re at a restaurant or a cafe, do not leave your phone on the table and instead put it away in a secure location.
Hold it so it cannot be easily snatched out of your hand, for example by shielding the top. Keep it out of sight when on public transport if you’re not using it.