9 comments

[ 0.22 ms ] story [ 31.1 ms ] thread
Do people here consciously think about this sort of fraud, and how do you secure yourself against it? (e.g. biometric locks on email accounts and notes?)
I would say pin lock on the device would render such an attack very unlikely until I read he claimed the device was pin locked?

Maybe it was simple to guess , or something else going on?

I should congratulate the thieves on accessing his Barclays account though. I was a customer of Barclays for many years but simply got fed up of constant technical errors preventing me from accessing my own funds.

I guess they got double lucky in this regard?

From the article, it suggests that the thieves “shoulder surf” the victims until they see them type in their device pin, then after pickpocketing either use that same pin for the app, or search through notes for sensitive passwords and the like.

> I should congratulate the thieves on accessing his Barclays account though. I was a customer of Barclays for many years but simply got fed up of constant technical errors preventing me from accessing my own funds.

This is certainly one way to keep your money safe! Bravo, Barclays

It's a matter of perpsective. When you are a user you take note of the times it didn't work. When you are a thief, you only need it to work once ;)
Just a practical answer - I have 3 bank accounts - a spending account, a current account that just pays my mortgage and tax, and a savings account. Only the spending account has an app on my phone, and it only ever has a months spending in it so the amount that can be stolen is limited. In order to take my savings (quickly) a theif would also have to compromise the 'mortgage' current account as it is only set up to pay into that account.

If my phone gets stolen, I expect the current account to be cleaned out with a 5K loss (2K balance + 3K max overdraft), and I'll lose access to anything with 2fa set up for a few days. That would suck a lot.

Mobile banking for a current account only, internet banking for the rest.

The only email account is dedicated to mobile - alerts and notes to self. No Google profile set.

I don't regard this is particularly cautious.

Hm, I have Revolut and they do have a web app, though they are certainly mobile-first, but not mobile-only.

In any case, this is a nice strategy to hedge.

I edited this before seeing your reply. You're correct, I was out of the loop on Revolut's web app and might give them another look, thanks.
Never seen the need to put a banking app on my phone. Seems as if that's a good idea.