15 tips to protect your phone from thieves

Thieves want to steal your personal data as well as your handset

There are more than 200 mobile phones snatched every single day in the UK, with thieves stealing £1,000s from victims by accessing their personal data and banking apps. Since our phones hold much of our lives nowadays, it’s crucial to protect yourself and your data. To help, we’ve a round-up of things you can do now to make your mobile more secure.

This is the first incarnation of this guide. If you've any feedback, please let us know in the Phone theft protection tips forum thread.

Phone theft is on the rise and thieves are using a new tactic to access your data and steal your cash – 'shoulder surfing'

Phone theft is soaring, and thieves have a sneaky tactic to make sure they create the most financial havoc on victims, 'shoulder surfing'.

1510585742

What is 'shoulder surfing'?

'Shoulder surfing' is an on-the-rise tactic used by thieves to steal phones from unsuspecting victims. This involves thieves lingering around pedestrians, keeping an eye out for the phone's PIN code before snatching it, or nabbing it from you when it's unlocked – giving the thief free reign over your phone.

The Home Office reports a 150% rise in these ‘snatch thefts’ over the past year, with around nine phones or bags stolen every hour in the UK. Claer Barrett from the Financial Times was a victim and wrote What I wish I'd have known before my phone was snatched, which inspired this guide.

Thieves don't just sell the handset – they want to access your banking apps and personal data to steal £1,000s of your cash...

Selling a stolen handset and its parts might earn thieves £100s, but accessing your phone and compromising your data can be far more lucrative, potentially netting £1,000s.

An unlocked phone is a gateway to stealing your money. Your banking apps, personal information and emails are all potentially exposed, making it easier for a thief to commit identity and financial fraud.

Hopefully, you'll never be a victim of theft, but it's important to be prepared. There are steps you can take now to ensure your mobile is as secure as possible if it falls into the wrong hands.

If your phone has been stolen, report it to the police immediately. You'll usually be asked for your phone's IMEI number.

First, the simple things everyone should do to protect their phone

There's a whole raft of things you can do NOW to help protect your data from thieves. Some of the steps below may be obvious, but act as a reminder for everyone. Other tips, including making small tweaks to your phone's settings, are not so obvious and make your mobile much more secure than it is by default.

Note: Some of these steps involve having access to another device or computer in the event your phone is stolen.

  1. Set up 'Find my Phone' and similar tracking apps so you can locate it or remotely wipe all info

    You'll need to set up a device tracking app, such as Apple's 'Find My Phone' or Samsung's 'SmartThingsFind', BEFORE your phone gets stolen to take advantage of all its features, which adds a significant layer of protection to your phone's security. 

    Using another device, such as a computer or other phone, as well as enabling you to locate your mobile, most tracking apps also have a number of additional features to protect you if it's unrecoverable. These allow you to:

    • Mark your phone as lost/stolen so payments are suspended. For example, with Apple, when your device is in 'lost mode', your Apple Pay payment cards and passes are suspended and you can show a phone number and message for someone who finds it.

    • Remotely wipe all the data from your phone. Just remember to regularly back up your device, or you risk losing all your data, including photos and videos.

    • Remotely lock your phone (Samsung and other Android devices only). 'Remote Lock' lets you lock your mobile remotely with just a phone number. 

    See how to set up Find My Phone on Apple devices, SmartThings Find on Samsung phones, and Find My Device on Google.

    • How to set up 'Remote Lock' on Samsung & Google phones

      For Samsung:

      1. Open your Settings app
      2. Select 'Security and Privacy'
      3. Select 'More Security Settings'
      4. Select 'Theft Protection'
      5. Turn on the toggle 'Remote Lock'

      For Google
       

      1. Go to your Settings app
      2. Select 'Google' and the 'All services' tab
      3. Select 'Theft Protection' 
      4. Turn on the 'Remote Lock' toggle
  2. Set up fingerprint and/or facial recognition on your phone AND banking apps to thwart thieves – even if they have your PIN

    1708476142

    To add an additional layer of security, set up facial or fingerprint recognition, so you can unlock your phone with your face or finger, rather than a PIN. This means any 'shoulder- surfing' thieves who are waiting for you to enter a PIN should be deterred as you can unlock your phone with your biometrics, rather than be spotted entering a PIN in busy places.

    Most smartphones now support facial or fingerprint recognition, but those made before 2017 may not. 

    On an iPhone: How to set up facial or fingerprint recognition on Apple
    On a Samsung: How to set up facial or fingerprint recognition on Samsung.
    On a Google phone: How to set up facial or fingerprint recognition on Google.

    Use biometrics rather than passcodes for your digital wallets and banking apps too

    Surprisingly, some banking apps by default, such as Monzo, don't require you to enter a PIN or otherwise verify it's you before accessing the app – you just click on it and you're in. It's convenient, but it's not secure if someone has access to your phone.

    All banks and digital wallets offer an option to add biometrics recognition – so facial or fingerprints – in the app's security settings. This means even if thieves got into your phone and have your PIN, they wouldn't be able to access your banking apps or digital wallet. 

    If you have a older device that doesn't support face or fingerprint recognition, or you prefer a PIN, make sure it's different from the one you use to lock your screen and DON'T store it on your phone.

  3. Enter this simple code to reveal your phone's unique ID number and store it on another device – the police will request this

    The IMEI (International Mobile Station Equipment Identity) number is a unique 15-digit code that every mobile device has. It can be used to block or identify a phone if it's been stolen.

    Screenshot your IMEI number and email/forward it on to another device for safekeeping. It's important to know what your IMEI number is so you can give it to the police when you report your phone as stolen. You can also call your network if your phone is nabbed and tell them your IMEI number so they can block (blacklist) your phone to stop it from connecting to any network.

    How do I find my IMEI on my mobile?

    1. Dial *#06# (star, hash, zero, six, hash) from your device.
    2. You'll see several different numbers displayed on your screen. The one you're looking for follows 'IMEI' or 'IMEI1'.

    Alternatively, you can use these instructions on how to find your IMEI number: Apple device | Samsung device | Google device.

  4. Ensure your phone doesn't show the contents of text messages when it's locked – or thieves could see crucial security codes without even having access to your mobile

    It's common for banks and other organisations to send notifications or security codes to your phone, and these will often show on your screen, even when your phone is locked. This means thieves could be able to view personal info or security codes without having to unlock your phone.

    To avoid this, it's worth making sure you turn off 'preview notifications', so a thief would need to be logged into your phone to get any security codes, which can be used to change passwords or make purchases.

  5. Back up your phone regularly to ensure precious data is safe

    Backing your phone up regularly is essential to protecting your data, including precious photos and videos that can't be replaced. It also helps you get set back up quickly in the event your phone is stolen.

    By having a back-up of your phone, it means that you can comfortably wipe your device remotely should it be taken, without worrying about losing anything on there.

    • How to backup your iPhone

      Back up with iCloud
       
      1. Go to Settings > tap [Your Name] > iCloud > and tap iCloud Backup.
      2. Turn on iCloud Backup and tap Back Up Now.
      3. Ensure essential data types (contacts, photos, app data) are included in the back-up settings.

      iCloud automatically backs up your iPhone daily when connected to power, locked and connected to Wi-Fi as long as you have it turned on.

      Alternatively, do it the old fashioned way – with a cable

      If you don't want to pay for a 'cloud service', you can back up your smartphone the traditional way – via a USB cable and Finder (if using MacOS Catalina or later MacOS) or iTunes (if using Windows or earlier MacOS). Take a look at the step-by-step guide on how to back up data using your computer on Apple's site.

    • How to backup your Google/Samsung

      With Samsung and Google devices, you can back up your phone using your Google Drive. You'll need to make sure you have enough storage to ensure everything automatically backs up.
       
      If you've run out of storage, Google will let you know, but your back-ups will pause, so it's best practice to make sure you have enough.
       
      With Google, you get 15GB of storage for free. You'll need to buy more if you need it.
       
      Back up with Google:
       
      1. Open your device's Settings app.
      2. Select Google and tap Backup. (If this is your first time, turn on Backup by Google One and follow the on-screen instructions.)
      3. Tap Back up now.

      Google turns on automatic updates as a default, but this can be changed.

  6. Don't expect mobile insurance to cover any financial losses – its usually just the phone

    If you have separate mobile phone insurance, it will usually cover the cost of replacing your phone if it’s stolen, though you'll likely have to pay an excess. Policies typically cover theft, loss, and accidental damage, but it’s important to check the details, as coverage can vary.

    However, while the phone itself is usually protected, financial losses from unauthorised transactions via your digital wallet or mobile banking apps are not typically included, so you may still be at risk for that type of loss.

    If you don’t have separate mobile insurance, check your home insurance policy. Basic home insurance policies often only cover theft inside the home, while protection for theft outside the home may be offered as an optional extra. It’s important to check what’s included to avoid a nasty surprise if you do need to make a claim.

    Additionally, if you pay for bank account perks with a packaged account, you (and sometimes your family) might already have mobile phone insurance included. Be sure to check the terms of your account – and see our Top packaged bank accounts guide to ensure you’re not overpaying for features you don’t need.

  7. It might seem obvious but stay vigilant – make sure your phone is out of sight and secure

    2417859339

    Phone snatchers tend to be on the lookout for easily accessible phones, so if you're walking around busy areas, with earphones in and your phone out, you could be seen as an easy target, so vigilance is key.

    • Limit phone use in busy places. Keep your phone out of sight as much as possible. You're more at risk in busy places, particularly around Tube or train stations.

    • Observe your surroundings. If you must use your phone in public, use it in quiet areas, away from the edge of the road where thieves are likely to target you.

    • Keep your phone physically secure. You can use phone cases with straps or lanyards that attach to your wrist to help keep you connected to your phone. They're not 100% secure, but may act as a deterrent.


    And finally, DON'T store your passwords on your phone (ie, in your notes app) as it could be a treasure trove for thieves – instead, use a password manager. 

Now try as many of these extra tips as you can to make your phone even more secure

The tips above are things everyone can do easily, no matter what device you have. To protect your phone even further, read the tips below. Some are a little trickier to set up, and some depend on what handset you have, but they're worth doing to make your mobile as protected as it can be. 

  1. Set up a hidden folder to hide your sensitive banking apps to make it harder for thieves to find what they're after

    If a thief nabs your phone, they're likely to go straight to your banking apps, or try to change your system settings to lock you out of your tracking app, making your phone unrecoverable.

    You can set up a hidden folder on your phone protected by biometrics, and add your banking apps in there, which adds another layer of security, stopping a thief from entering sensitive apps.

    iPhones, Samsungs and other Android phones have various settings you should use to shore up your defences:

    • How to set up private folders

      How to set up a secure folder on Samsung

      1. Go to system settings.
      2. Tap on 'Security & privacy'.
      3. Click on 'More security settings' and tap 'Secure Folder'.
      4. Enter your Samsung Account details or create a new account if you don't have one.
      5. Tap 'Sign in', 'Continue' or 'Agree'.
      6. Also enable Reset with Samsung Account option.
      7. Select lock method among 'Pattern, PIN & Password' and tap 'Next'.
      8. Provide lock method and tap 'Continue'.

      When choosing your PIN for your Secure Folder, make sure it's DIFFERENT from any other PIN, this means that there is no way a thief would be able to know this PIN - and don't write it down.
       

      How to set up Private Space with a Google phone or other Android device
       
      1. Open the Settings app.
      2. Tap 'Security and privacy'.
      3. Under 'Privacy', tap 'Private Space'.
      4. To unlock, authenticate with your device screen lock.
      5. Tap 'Set up' and then 'Got it'.

      To make your Private Space more secure you can sign in to a different Google account.

      How to hide or lock apps with an iPhone (requires iOS 18)

      1. Go to your 'Home Screen'.
      2. Locate the app you want to lock.
      3. Touch and hold the app icon until the quick actions menu opens.
      4. Tap 'Require Face ID' (or Touch ID or Passcode).
      5. To lock an app tap 'Require Face ID' (or Touch ID or Passcode) again, then authenticate using Face ID (or Touch ID or Passcode).
      6. To hide an app tap 'Require Face ID' (or Touch ID or Passcode), authenticate using Face ID (or Touch ID or a passcode), then tap 'Hide App'. The app disappears from your home screen and moves to the hidden folder at the bottom of app library.
  2. iPhone: Set a 'Screentime PIN' to stop thieves from changing your passwords...

    If a thief knows your PIN or takes your phone while it's unlocked, they could quickly access your settings, change your iCloud or Apple ID and disable Find My Phone or Face ID. This would prevent you from remotely locking or wiping your device. Disabling Face ID would also give them full access to your digital wallet.

    To help prevent this, you can limit access to settings by enabling a Screen Time PIN. This goes beyond a separate PIN by allowing you to hide certain settings, including Find My Phone and Face ID, making it harder for a thief to alter them.

    • Set up 'Screentime PIN'. This is typically used as a parental control to limit what children can do on a phone – for example, by cutting off access to apps after a certain amount of time. You then use a PIN to override this (which can be separate from your lock-screen PIN).

      But you can also use this to prevent access to certain settings on your phone, such as your Apple ID settings and Face ID. See how to set up a Screentime PIN on your iPhone.

    When choosing your Screentime PIN, make sure it's DIFFERENT from any other PIN, this means that there is no way a thief would be able to know this PIN - and don't write it down.

  3. Samsung and other Android devices: Set up 'multiple users' as another way to hide all your sensitive apps

    This allows you to create multiple versions of your home screen. The idea is that you have one user/home screen for when you're out and about and a second for when you're in a safe space and want to access sensitive information, such as your banking apps.

    That way, if a thief was to gain access to your phone while you are out and about, they wouldn't see all your banking apps.

    See how to set up multiple user profiles on your Samsung or Google device.

  4. iPhone: Turn on 'Stolen Protection' in your settings to block a thief from accessing your Apple Wallet

    When switched on, if your phone is in an 'unfamiliar' location, for example, not at your home or at work, bank cards and passes in your Apple Wallet can only be accessed via Face ID or Touch ID (this setting is only available on devices running iOS version 17.3 or later). This prevents a thief who might know your PIN from accessing your digital wallet or make changes to your settings.

    Stolen device protection also means that there will be an hour delay in changing certain settings, such as removing and changing the phone's password – which gives you extra time to report your phone as stolen and lock it remotely. See how to set up Stolen Protection on your iPhone.

  5. Samsung and other Android devices: TURN ON Theft Protection to ensure any thief is locked out of your phone

    Theft Protection on Samsung and Android devices offers two extra layers of security. The first is its 'Theft Detection Lock', which ensures that if someone were to run or cycle off with your phone, this feature would detect that movement and automatically lock your phone. 

    The second is the 'Offline Device Lock', which means if a thief steals your phone and puts it on airplane mode or turns it offline to try and make it untraceable, this feature automatically locks your phone after a short while.

    These features are turned off by default so you'll need to turn them on yourself.

  6. If you want to be extra cautious, you could use a spare or old phone for mobile banking and leave it at home

    If you don't want to take the steps above or you want to further lower your risk AND you have a spare or old phone lying around (or for those with a tablet device), this one might be for you. You could use your spare device for all your mobile banking apps and keep it safe at home (or at least out of sight if you need to take it with you) – separate from your main phone you use when you're out and about.

    If you're able to keep all of your important and sensitive apps on a device at home, it means that the steps above aren't so essential because it'll be kept at home away from any phone-snatching 'shoulder-surfers'.

    Of course, while this offers a higher level of security, it won't be suitable for many who rely on their banking apps regularly while on the move and away from home. 

  7. Do a 'digital wallet' audit – limit the number of cards stored on your phone to avoid thieves racking up big bills

    Having your bank cards on your phone, known as your 'digital wallet', might be convenient, but if a thief gains access to your phone and passcode, they could exploit it. 

    Unlike physical bank cards, which have a contactless limit of £100, payments made via Apple, Samsung and Google Pay don't have limits, which could mean large purchases being made with your phone if it's stolen and a thief gains access.

    So if you are using a digital wallet, make sure you keep a close eye on the bank account you've added to it, ideally limit the number of cards stored on there, and if your phone is stolen, call your bank to report it as soon as possible.

  8. Add an extra layer of security by setting up two-factor authentication on your accounts

    Two-factor authentication (2FA) is a security measure that helps protect your accounts by requiring two methods of verifying who you are, including something you know (such as a password) and something you have (such as a smartphone). By adding this extra layer of security, 2FA slows thieves or hackers down and can prevent unauthorised access to your accounts, even if they know your password.

    To protect yourself if your phone is stolen, rather than relying on codes sent via text messages, set up 2FA using authenticator apps such as Microsoft Authenticator, or Google Authenticator. These rely on facial or fingerprint recognition, so a thief would be unable to gain access, even if they're on your phone.

    if your phone has been stolen, you might not be able to verify yourself, so make sure to add an additional trusted phone number or two when setting up your accounts 

    See how to set up 2FA on your Apple iCloudSamsung account and Google accounts.

     

What to do AFTER your phone is stolen

The moments after your phone is stolen can be stressful and upsetting, but to make sure you and your data are most protected from theft, follow these important steps:

Step 1:  Login to your phone's tracking app to remotely block (or lock) your phone

To do this, you'll need access to another device, which could be a friend's or relative's phone or computer. Use the links below to login to your phones tracking apps:

Login to iPhone's 'Find my Phone'
Login to Samsung's 'SmartThings'
Login to any other Androids 'Find My Device'

From there, you can see where your phone is or wipe it to make sure your apps and personal info are protected (remember to regularly back your phone up so you don't lose anything important).

If you've forgotten your password to your tracking app, and you have a Samsung or Android phone, you can lock your phone instead.

Step 2: Report the theft to the police by calling 101

The police advise that you do NOT call 999 unless your life is at risk. Instead, dial 101. If you know your IMEI number, include this in your report as it can be used to return a device to you if it's found.

Step 3: Call your bank(s), building society, credit unions and report it

Immediately report the incident to your bank(s), building society, or credit union to prevent any fraudulent activity, such as loans being taken out in your name or funds being moved to other accounts. Your bank will freeze your accounts to ensure that even cards in your digital wallet can’t be used by any thief.

You'll also want to keep an eye on your credit report. There are three credit agencies which hold credit reports on you: TransUnion, Equifax and Experian. See How to check your credit report for free. This will help you spot any unauthorised applications for credit or financial products (loans, credit cards etc).

To further protect yourself, consider adding a CIFAS marker to your file. Having this marker on your file alerts lenders to take extra precautions when reviewing applications made in your name, making it harder for fraudsters to apply for credit.

Step 4: Change your passwords

For key accounts that you have apps for on your phone, such as your Apple Pay or Google Pay accounts, shopping apps (such as Amazon or grocery shops) and even things like Netflix and Disney+, it's important you change all of your passwords.

Step 5: Contact your insurance company

If you have mobile phone insurance, contact the insurer. If not, check if you're covered on home insurance. If you want to make a claim, you'll need your crime reference number.

Step 6: Be extra vigilant for scams after the theft

When thieves steal your phone, you can’t be certain of their intentions. If they access your data, they might use it to commit additional scams or impersonate your bank to extract more information from you.

Use the tips in our 30 ways to stop scams to help prevent additional loss to you.

Spotted out of date info/broken links? Email: brokenlink@moneysavingexpert.com