Fact Check

Bankcard PIN Theft by Text Message

Text message to 'hubby' on stolen phone nets purse snatcher a PIN.

Published Feb. 19, 2007

Claim:

Legend:   Text message to "hubby" on stolen phone nets purse snatcher a PIN he uses to empty a couple's bank account.

Examples:




[Collected via e-mail, April 2006]

True story:

This lady has changed her habit on the hand phone after her handbag was stolen. Her handbag which contained her mobile, credit card, purse... Etc....was stolen. 20 mins later when she called her hubby, telling him what happened. Husband says "I've just received your SMS asking about your
Pin number. And I've replied a little while ago".

When they rushed down to the bank. Bank staff told them all the money was already withdrawn. The pickpocket had actually used the stolen handphone to sms "hubby" in the contact list and get hold of the pin number. Within 20 mins he had withdrawn all the money from the bank account.

Morale of the lesson:

Do not disclose the relationship between you and the people in your contact list. Avoid using names like Home, Honey, Hubby, sweetheart, Dad, Mum etc....and very importantly, when sensitive info is being asked thru SMS, CONFIRM by calling back.

Forward this to all your well wishers, so that they'll be careful too.
 


[Collected via e-mail, January 2007]

This lady has changed her habit of how she lists her names on her mobile phone after her handbag was stolen.

Her handbag which contained her mobile, credit card, purse etc... was stolen. 20 minutes later when she called her hubby, from a pay phone telling him what had happened, hubby says "I've just received your text asking about our pin number and I've replied a little while ago."

When they rushed down to the bank, the bank staff told them all the Money was already withdrawn. The pickpocket had actually used the stolen phone to text "hubby" in the contact list and got hold of the pin number.

Within 20 minutes he had withdrawn all the money from the bank account.

Moral of the lesson: Do not disclose the relationship between you and The people in your contact list. Avoid using names like Home, Honey, Hubby, sweetheart, Dad, Mum etc...

And very importantly, when sensitive info is being asked thru texts, CONFIRM by calling back.



Origins:   This instance of a scam in which a weakness in the user's method of storing information in her cell phone

Cell Phone

is turned against her first reached the snopes.com inbox in April 2006. Judging by its then-reference to "your SMS" (which in later versions became "your text"), we would guess it to have been penned by someone outside the U.S. or the UK, where "text" or "text message" are more typical terms for the form of written message one types on a telephone keypad. ("SMS," which stands for "Short Message Service," is a service primarily available in Europe that governs the relay of very brief text messages on cell phones in a mode similar to that of paging, except that the receiving units do not have to be on for messages to transmit. SMS has also in numerous spots around the world come to be used both as the term for a cell phone text message itself and the act of sending one, as in "I just sent you an SMS" or "Where have you been? I've been SMSing you all afternoon.")

Given the lack of information provided in the narrative with which to prove or disprove it and the dearth of accounts of similar nature in the news (and it's been two years since this article was first penned, which means there has been lots of time for the story to come to light if there had been an actual robbery of this nature), this tale is best regarded as a cautionary tale rather than as an account of an actual incident — something meant to inspire greater prudence on the part of cell phone users whose casual laxity regarding security matters might otherwise lead them to

grief.

Handbags do get stolen, and a great many women as a matter of habit carry their phones in their pocketbooks, which means a purse snatcher may net himself both the victim's ATM card and her cell phone. If those so robbed have identified their spouses in their phones' address books as "hubby," "my sweetie," or the like, thieves might know exactly whom to attempt to extract cash card PINs from (although most ATMs have daily withdrawal limits that would prevent an account from being "emptied in 20 minutes"). Those concerned about such theft might therefore do better to list all contacts within their cell phone address books by first names only.

However, far more important than restricting stored phone numbers to first-name identifiers is training those who have your bank account's PIN to refuse to give it up. A text message (as the story demonstrates) can come from anyone — that it is sent from your own phone doesn't preclude the possibility that your mobile has fallen into someone else's hands. The more cautious will instruct their nearest and dearest to always say "no" to verbal requests for PINs because voices can be mimicked (with small differences being attributed to the phone's acting up). Remember, someone receiving a call from your cell is preconditioned to believe the caller is you and is therefore more likely to unthinkingly blurt out the information "you've" asked for, even if "you" don't quite sound like your usual self.

Barbara "safety PIN" Mikkelson

Last updated:   12 January 2009