iPhone owners have been hit by a simple, but effective, PIN scam that was recently highlighted by The Wall Street Journal.
Unfortunately, as 9to5Google rightly pointed out, this same method can be used to crack into Android phones, which would allow thieves to steal the owners’ Google account (via Tom’s Guide).
Here’s how the PIN scam works
While we often cover nefarious hackers writing code to break into your devices, this PIN scam is so easy that anyone can do it, which is precisely what makes it such a potential widespread threat. All that the thieves are doing is observing users entering their PIN prior to stealing the phone, at which point they are able to gain access to the device as if they were the owner.
On the iPhone, they can use this to change the password to the Apple ID logged into the device and log the user out of the rest of their Apple devices. On Android, the thief could change the password to the Google account logged into the phone, effectively locking the owner out of their account.
(Image credit: Laptop Mag)How to protect yourself from the PIN scam on Android
While the scam is incredibly simple, protecting yourself from it is relatively easy as well. First and foremost you should be using biometric authentication to log into your device rather than a PIN, pattern, or password. Whether it’s fingerprint or facial recognition, this is harder for a thief to capture.
Recognizing that there are times that biometric authentication fails, you still may find that you need to enter your PIN, pattern, or password occasionally. Your best defense in this case is to be using a longer PIN or password. Don’t use the pattern option, other than a four digit PIN that is about the easiest thing for a thief to recognize even at a distance.
Failing that you can secure your account using two-factor authentication (2FA) with Google’s Advanced Protection Program. This will prevent a thief from changing your Google account password even if they gain access to your Android PIN or password as it requires a physical security key to make such a change. Take a look at our guide on how to do 2FA right for some recommendations on security keys and how to use 2FA across all of your most important accounts.
While typically I find threats that require a hacker to gain access to your device to be less of a concern than online threats such as malware or ransomware, the ease of this PIN scam makes it worth considering some of the above changes to protect yourself from being a victim of it.
Today’s best Google Titan Security Key, Yubico Yubikey 5C and Yubico 5Ci deals