I’m now writing this from my new mobile phone. The reason why this is relevant is my last one that I have had for 3 years was stolen in Phnom Penh.
That phone has travelled to about 20 cities across the world and used in the same way across those 20 cities. Phnom Penh has schooled us. We had read about these motorbike thefts. Some far worse than we experienced such as dragging people into the road trying to steal handbags or backpacks. Two man teams where one slashes the strap with a knife and the other grabs the bag.
So what happened…
We decided to walk from our lovely hotel, Teahouse Asian, to Mekong river front as a route to the Russian market.
Walking down the atmospheric streets full of cool little shops and restaurants we took out our phones many times to take pictures as it felt safe. The streets where relatively empty. When we did hear a motorbike we acted defensively and turned around and covered our phones. After taking photos we tucked our phones into our pockets.
To navigate we used a combination of a paper map and Google maps on my phone to confirm our location. At one particularly busy road I faced the traffic which was moving from my left to right. I was about a foot from the edge. I pulled out my phone and opened Google maps looked at it for about 5s. The next thing I knew my right hand was knocked hard from behind and the phone was gone. It sounded like the phone hit the floor so I ran forward looking for it. When I looked up the motorbike rider was mid stream weaving his way expertly against the flow of traffic and he was gone. Emily said she saw the phone in his hand.
We both felt sick. I was angry and distraught and worried as my phone was unlocked. Luckily I am pretty security conscious of my data and all passwords are encrypted and hidden.
We grabbed the nearest tuk tuk back to the hotel in shock. The incident kept running over and over in my mind. We told the hotel and they said it happens often.
I started the laborious task of changing passwords on all the important things and wiping the phone remotely. I checked findmyphone every 10 minutes. It never came back online to wipe. Even to this day it hasn’t been back online so I presume they just wiped it right away and sold it on. I don’t really care about the phone. It just sickened me to know that someone might be able to get into my bank or email and therefore be able to reset other accounts.
Things we have learnt
- We are grateful it was a clean snatch and that it didn’t escalate
- Material things like phones and watches, jewellry and cash don’t matter
- Always secure your data on your phone in such a way that if it were stolen then the damage would be minimal
- Sync your passwords with other devices so you can recover them
- Never get your phone out without checking who is close by
- Never get your phone out close to the road
- If your in a pair get the other person to stand 10 feet away and watch your blind spots
- You can’t distinguish one suspect motorbike when near a busy road of motorbikes
- When their are many attack vectors just keep your phone in your pocket
- This kind of thing does happen all over the world but Phnom Penh seems to take the biscuit
- Don’t underestimate the speed and skill of these thieves
- To grab a phone out of someone’s hand at speed whilst riding one handed against the flow of traffic takes practice. These guys are doing this all day everyday
- The market for second hand phones in the shops of Phnom Penh is massive
This is why I bought a new one from a reputable brand shop in Saigon instead. Lucky none of my accounts have been compromised, so far….
I received a fishing sms txt yesterday to my UK number for iCloud. When they stole my iphone it had a Cambodian SIM for data. I still have my UK sim which is now in my new phone. Very convincing official looking sms txt. It said it was from Apple and that my phone had been found. Click the link to sign in.
This was the link:
I have changed some of the text in case someone accidentally clicks it. Please don’t.
The link presumably opens up a convincing iCloud login page. If you have dropped your guard or are simply not used to these kinds of hack then it would be very easy to put in your username and password at which point you would be giving them direcrly to the hacker. Who would then have access to everything you have on Apple including any credit cards tied to your account.
Very scary indeed to be targeted. It means that they have my number so they are in the stolen phone even though they have not put it on the internet yet. Findmyphone still says it is waiting to remote wipe the phone when it comes online. I believe that the phone is useless unless they have my Apple password to reset it. If they would put it online then it will wipe it automatically and they will be able to reset it. I guess they don’t want to risk that and will continue to try and phish me with some of the information they can get from my unlocked phone. Contacts etc…
So for now I continue to be vigilant with accounts and watch for strange things. Not the most pleasant state of minds to be in but it could be worse.
For those with mobiles lock them down and use a password manager. For android users try Bitdefender. Stay safe…