Smartphones
Updated September 5, 2025
Settings
Make Control Center inaccessible when your iPhone is locked
When thieves take your phone, they’ll pull down Control Center (from the top right of the screen) and turn on Airplane Mode, and possibly shut the phone down entirely. This prevents you from tracking it or performing remote operations on it, such as erasing the data.
Go to Settings > Face ID & Passcode and turn off Control Center. This way, no one can access it when your phone is locked.
Next, go to Settings > Apple ID (your name at the top), tap Find My > Locate phone, and make sure all options are turned on. This makes the phone trackable even when it’s powered off.
Scams and attacks directed at smartphones
Juice Jacking Scam
What is Juice Jacking?
Juice jacking is a cyberattack where criminals tamper with public USB charging stations to steal your personal data or install malware on your device. When you plug your phone or tablet into a compromised charging port, attackers can access your photos, contacts, emails, passwords, and other sensitive information stored on your device.
This scam has become increasingly common in airports, hotels, conference centers, and other public spaces where travelers frequently need to charge their devices.
How the Scam Works
Cybercriminals modify public USB charging ports or set up fake charging stations that look legitimate. When you connect your device, the malicious hardware can automatically sync with your phone or tablet, copying data or installing spyware without your knowledge. Some sophisticated attacks can even continue monitoring your device after you’ve disconnected and left the area. The charging process appears normal, so victims often have no idea their device has been compromised until it’s too late.
How to Protect Yourself
The best protection is to avoid public USB ports entirely. Instead, use your own wall charger with a standard electrical outlet, carry a portable power bank, or invest in a USB data blocker device that allows charging while preventing data transfer.
If you must use a public charging station, power off your device completely before plugging it in, and never accept any prompts asking you to “trust” or sync with the charging station. When traveling for business, always prioritize your device security to protect both personal and company information.
Shoulder Surfing: do not use your passcode in public
The Threat: Shoulder Surfing for Device Access
Thieves are increasingly using a technique called “shoulder surfing” to watch people enter their phone passcodes in public spaces like airports, cafes, transit stations, and busy streets. These criminals position themselves nearby and carefully observe your finger movements as you unlock your device. Once they’ve memorized your passcode, they steal your phone through pickpocketing, grab-and-run tactics, or distraction theft. With both your device and passcode in hand, they have complete access to your personal information, work emails, banking apps, social media accounts, and any stored passwords.
Why This is Particularly Dangerous
Unlike other forms of theft where criminals might be locked out of your device, knowing your passcode gives thieves immediate access to everything. They can disable security features, change your Apple ID or Google account passwords, access your financial apps, impersonate you on social platforms, and even use your device to target your contacts with scams. For business travelers, this means potential access to company emails, documents, and systems that could compromise sensitive corporate information.
How to Protect Yourself
Always shield your screen when entering your passcode in public by using your body, hand, or turning away from crowds. Consider switching to biometric authentication (fingerprint, face recognition, or voice recognition) when available, as these are much harder for thieves to replicate. Be extra cautious in high-risk areas like airport security lines, crowded transportation, and tourist areas where thieves commonly operate. If you must use your passcode in public, be aware of your surroundings and change your passcode regularly, especially if you suspect someone may have observed you entering it.
SIM Swapping
Criminals call your mobile carrier impersonating you, claiming to have lost their SIM card, and request to transfer your phone number to their device. Once successful, they receive all your calls and texts, including two-factor authentication codes for banking and other accounts. This allows them to bypass security measures and access your financial accounts, social media, and other sensitive services.
To protect against this, consider switching to an eSIM if your device supports it. eSIMs are digital SIM cards built into your phone that are much harder for criminals to transfer to another device, as they require more sophisticated authentication and can’t be physically removed. Most newer smartphones support eSIM technology, and major carriers offer eSIM services that provide better security against SIM swapping attacks.
Smishing (SMS Phishing)
Smishing is a text message scam that tricks you into clicking malicious links or providing personal information. These messages often impersonate banks, delivery services, or government agencies and use urgent wording like “Your package is held - click here” or “Your account is suspended - verify now.”
Banking Trojans
Banking trojans are a specialized type of trojan malware designed to steal financial information and banking credentials. These malicious programs disguise themselves as legitimate banking apps or other trusted software, then monitor and capture login details, account numbers, passwords, and transaction data when users access their banking services.
Banking trojans can also intercept SMS messages containing authentication codes, manipulate banking websites to display fake login pages, and even perform unauthorized transactions while hiding the activity from the victim.
Banking Trojan attacks on smartphones increased by 196% in 2024, with malicious apps disguised as legitimate banking or financial apps that steal login credentials and financial data when downloaded.
Source: Norton
Source: itseller.us
Source: Kaspersky
Fake App Stores/Malicious Apps
Criminals create convincing fake versions of popular apps or set up unofficial app stores that look legitimate but distribute malware. These malicious apps can steal personal data, track your location, access your camera/microphone, install additional malware, or mimic legitimate apps like banking or social media platforms to capture login credentials.
To protect yourself, only download apps from official app stores (Google Play Store for Android, Apple App Store for iOS). Before downloading any app, check the developer name, read user reviews carefully, verify the app has a reasonable number of downloads, and be suspicious of apps requesting excessive permissions.
Avoid “sideloading” apps from unknown sources or clicking links in emails/texts that direct you to download apps. Keep your device’s operating system updated, as security patches help protect against malicious app installations.
NFC Payment Scams
New NFC banking scams have emerged where criminals use malicious apps to trick victims into placing bank cards near their phones. Near Field Communication (NFC) technology enables contactless payments by having devices communicate when held close together.
Scammers exploit this by creating fake payment apps, setting up fraudulent NFC-enabled card readers in public places, or using “NFC skimming” devices that can read contactless cards from a short distance without physical contact. Some criminals also trick victims into thinking they’re helping with a legitimate transaction while secretly capturing card information.
To protect yourself, keep contactless cards in RFID-blocking wallets, be cautious when strangers ask you to use your phone or card for payments, disable NFC when not needed, monitor your bank statements regularly for unauthorized transactions, and only use NFC payments with trusted merchants and official payment apps from your bank or established providers like Apple Pay or Google Pay.
Source: Bokf
Call/Voice Spoofing
Scammers use technology to make their calls appear to come from trusted sources like your bank, employer, or government agencies, often requesting sensitive information or immediate action.