Online scammers are able to break into your smartphone and reset the device from your passcode. They pay attention to a user’s actions and take advantage of a moment of carelessness with their phone’s access code. Here are a few measures you can take to better protect yourself. 

Cybercriminals have found a non-technical way to access mobile devices and steal valuable information, including bank accounts and passwords. The vulnerability is due to many users not being careful enough when using the most basic security feature: the passcode that unlocks your mobile phone. Once inside, smartphone thieves are able to lock the user’s out by changing the password of the account linked to the device. From there they can access your entire digital life and even empty your bank accounts.

• The scam starts with a scammer observing or recording the victim's introducing the phone’s access code.
• Criminals look to distract the victim to steal the phone and basic security information from their device at the right time.
• With just the access code, criminals can change the password of the main account associated with the victim's phone.
• By changing the main password, criminals can block access from other devices and disable device search functions.
• Criminals can also look for personal information stored in notes or gallery photos, such as identification numbers or photos of ID documents.
• With this information, criminals can try to access financial applications and make purchases in the victim's name.

The good news is that there are steps you can take to prevent this from happening to you. Here are some recommendations to reduce the risks of being compromised by criminals and having your confidential information stolen:

Be discreet in public:

• Always use biometric authentication (fingerprint or facial recognition) in public to unlock and avoid having to enter your password manually.
• If you have to enter your code in public, do so without anyone being able to see it, covering the device's screen.
• Disable the "show drawn pattern" feature on devices that unlock with this method. This way, you ensure that your pattern cannot be observed from meters away.

Protect your accounts associated with the device

• Avoid the built-in password manager on your phone for accessing banking or financial applications. Instead, use a third-party password management tool that requires a different password.
• Make your codes stronger, with a minimum of 6 digits and, if possible, alphanumeric.
• Use multi-factor authentication (MFA) whenever possible.
• Create stronger passwords for your accounts. Create "passphrases" (security phrases) combining letters, numbers, and symbols, and avoid using easily identifiable personal information.
• Enable additional password protection features when possible.

Protect your personal information

• Never write your passwords or codes in notes, messages, or contacts.
• Delete photos and notes containing sensitive information, such as your ID card, passport, driver's license, etc.
• Use a third-party password manager to store this information securely.