Holiday Shopper Beware: Smartphone Thieves Are Getting Smarter

Black Friday is fast approaching, and soon malls across America will be filled with smartphone-toting shoppers—and smartphone thieves eye a bounty of opportunity.

There’s no doubt holiday shoppers will be whipping out their smartphones more than ever before. They’ll be keeping track of purchases with the Christmas Gifts List app, comparing prices with RedLaser, checking and re-checking dwindling bank account balances on their banking app, and even authorizing payments with Google Wallet on Android phones.

Smartphones galore, harried shoppers, crowded places, all make up an environment rife with theft. Even worse, thieves are getting better at plying their nefarious trade. Kurt Roemer, chief security strategist at Citrix Systems, has a few tips for staying safe this holiday season.

Lose Your Phone?

Your mind is swirling amid a throng of shoppers, your arms full of packages, and you need to take a seat: so you park it next to a fountain, lay your iPhone next to you—and in an instant a thief swoops in and swipes your smartphone. The odds of this scenario playing out are actually quite good.

Hopefully, you’ve done some preparation.

For starters, you’ll want to enable and test the Find My iPhone service, which tracks iOS devices via GPS. You can log into the service from another computer and locate your phone while it’s in transit or at the fountain where you left it. Either way, the frantic moments following a lost iPhone is NOT the right time to become familiar with Find My iPhone.

Slideshow: 15 Best iPhone Apps for Busy CEOs

Make sure your phone is password protected, too. This is a simple preparation step, but it’s surprising how many people don’t use the password feature. On iPhones, accessing a corporate Exchange server requires the phone to have a password.

Savvy smartphone owners might think they’ll be able to track down a stolen iPhone with Find My iPhone on their own without the IT department ever knowing. Or maybe they figure IT can remotely wipe corporate data and apps from the lost or stolen iPhone, which is possible with iOS, leaving them in the clear. Savvy? Yes. But thieves are savvier.

The Trail Runs Cold

After stealing a phone, a smart thief will pull the SIM card out right away, Roemer says. The phone stops communicating out on the network, which means IT can’t remotely wipe it and services such as Find My iPhone won’t work well. Later, the thief may jailbreak the phone and try to get information off it.

Thieves can also get a hold of a special box used by law enforcement in forensics that shields phones from all electromagnetic interference. A smart thief will throw a stolen phone into the box, where it can’t be remotely wiped or tracked. Then the thief can look through the phone later, after the owner has stopped looking for it and IT has given up trying to wipe it.

“Go out and buy one of the boxes, it makes a good Christmas present,” Roemer says, sarcastically.

Bottom line: If your phone is work-related, you better remove sensitive data before heading to the mall.

Thieves Turn the Tables

So you’re in a crowded line. You finally get to a cashier, and whip out your credit card to pay for that Oakland Raider jersey you know she’ll just love. The guy behind you is looking into his iPhone probably surfing the Web—or is he? Maybe he’s secretly shooting video of you and your credit card number.

The same goes true for lines at ATM machines. Thieves will try to record your personal identification number and then follow you, looking for an opportunity to snatch your wallet.

The best way to protect yourself is to be mindful of your surroundings, as well as prepare for worst-case scenarios. Of course, this can be difficult for shoppers buzzing with holiday spirit and energy.

Oh, and one more thing: Keep a low-profile, so as not to put a target on your back.

“Don’t flash the phone around,” Roemer says.

Tom Kaneshige covers Apple and Networking for CIO.com. Follow Tom on Twitter @kaneshige. Follow everything from CIO.com on Twitter @CIOonline and on Facebook. Email Tom at tkanshige@cio.com