1. Incident Summary
On November 4, 2023, at around 7:30 PM, a Japanese man was attending the Day of the Dead parade around the Zócalo in Mexico City. While navigating through the crowded area on foot, his smartphone, which he had placed in his right front pocket, was stolen.
(The phone’s screen security was set to facial recognition, but as he had painted his face for the parade, the facial recognition did not work, and he changed the unlock method to a 4-digit passcode.)
Although he checked the location and locked the phone remotely from another device, the location data ceased to update after 4 hours. Over the next two days, high-value items were purchased and delivered using the installed delivery app. The payment method was changed to a bank account associated with an app also installed on the phone, leading to multiple purchases and significant financial loss.
(The delivery app’s initial payment was registered with a Japanese credit card, which was automatically canceled by the card company due to suspected fraud, but the payment method was later changed to a Mexican bank account.)
It is unclear how the thief obtained the passcode or other unlock methods, but it is highly likely that they observed him unlocking the phone in the crowd during the parade. Additionally, the thief may have accessed passwords stored in the phone’s memo app for unauthorized use. The victim was unable to prove that the fraudulent transactions were conducted by someone other than himself, and thus, no compensation was provided.
2. Precautions
If a thief learns the method to unlock your screen, they might also bypass the lock on apps and other security features. Despite remote locking, the phone may have been unlocked. Once a smartphone is unlocked, it can be used for various forms of crime due to the personal information it contains. It is crucial to implement physical security measures such as using a strap to secure the phone to your clothing and employing facial or fingerprint recognition. Additionally, avoid storing personal information on your device, know how to remotely lock and erase data in case of loss, and be aware of procedures for stopping unauthorized transactions with your bank account or credit card, as well as emergency contact information.
Comment