A set of armed robbers who terrorized residents near Duke University recently are being called “tech-savvy” after they allegedly demanded their victims Venmo them money and wipe their smartphones — disabling anti-theft measures — before stealing the gadgets.
In one case, a 28-year-old woman was robbed at gunpoint and forced to send criminals $2,000 using Venmo and CashApp, according to WRAL.com. And this weekend. a set of criminals ambushed five current and former Duke students, leaving with laptops, a car, and four iPhones that had been “wiped.”
A dramatic set of similar crimes reported across the U.S. and the U.K. — infrequent, but still disturbing — suggests some violent criminals are becoming more sophisticated about gadget theft. For example” In Washington D.C., two 19-year-olds are accused of nearly 100 crimes, many of them involving forced Venmo and CashApp transfers. They were arrested late last year.
Meanwhile, some of the violent incidents are designed to make phones easier to sell on the black market; and as a way to help robbers make a clean getaway.
In Liverpool, England, one victim said he was choked while robbers used his face to unlock his phone during a violent encounter; in Bristol, a teenager says criminals held a knife to his throat and forced him to sign out of the “Find My iPhone” feature. Doing so disables phone tracking features which can help victims find their stolen gadgets and help law enforcement track down criminals. It can also disable the so-called “kill switch” which makes the stolen gadget useless.
There were a string of similar incidents reported in Chicago a couple of years ago.
It’s a predictable countermeasure adopted by criminals to foil anti-theft technology that smartphone makers have hailed as making the devices more secure and a less appetizing target for street thugs. Apple’s FindMyiPhone feature is a powerful tool that allows consumers to recover lost or stolen phones — even watch in real-time as a criminal escapes. Criminals know this, too, and in some cases have now escalated their tactics to force victims to disable the tracking.
Despite these alarming incidents, there is data showing anti-theft smartphone technology has helped take a significant bite out of smartphone crime. After the launch of the so-called “kill switch” in Apple’s phones about 10 years ago, theft dropped by about half in London and San Francisco, Reuters reported, and by 25% in New York.
Still, criminals are adapting.
Even in cases where thieves don’t force victims to log out of tracking tools during the initial crime, a thriving underground system has developed to foil it. SecurityIntelligence reported recently that a criminal network enables thieves to identify victims, then send them a carefully-worded phishing text message that looks like good news – “click here to reclaim your lost gadget,” essentially. But it’s really a ploy to trick victims into divulging their login credentials to the criminals, who can then log into the phones themselves.
Using cash apps like Venmo or Zelle to steal from victims is also a natural evolution of gadget theft — the more phones serve as de-facto login tool, the more easily criminals can foil bank security measures. There are stories involving victims seduced into sharing their phones for a moment — perhaps by a person appearing to be in distress — only to find the criminal has quickly initiated a large mobile payment transfer.
When crimes like this occur, in my opinion, consumers are entitled to Regulation E protection, and should be able to dispute the transactions and get a refund, as this Reddit user reports.
In my view, these are unauthorized transactions — akin to withdrawals made with a stolen debit card or online banking transfers made with stolen passwords. Being forced at gunpoint to pay someone is hardly an authorized transaction. But it remains to be seen how willing banks will be to restore the stolen money, and circumstances can vary.
Meanwhile, consumers can try to protect themselves by enabling two-factor authentication on each smartphone cash app; by not using the same PIN code on these apps as they do on their phones; and by reporting stolen phones immediately. These measures are hardly fool-proof, however. Phones are now often used as de-facto two-factor authentication tokens, so text-message account verification could be sent directly to phone thieves. And if you are being threatened by a criminal with a gun, give them what they ask for and worry about the money later.