Twenty-seven thousand euros.
That’s roughly £22,000 and is exactly how much money was stolen from me in 2023. It’s changed my life forever.
I never thought something like this could happen to me.
I was careful – vigilant, even – about my private and financial information. I used strong, unique passwords, PIN numbers and biometric security. And it still wasn’t enough.
On the evening of the Ireland vs England rugby game in March 2023, my friends and I had been out celebrating in Dublin. We were in a nice bar when, just after I bought some drinks, I realised my phone had gone missing.
I searched the floor and rechecked my empty pockets and had the heart sinking realisation that it must have been stolen.
When I got home the first thing I did was see if I could track it by using the ‘Find My Phone’ feature on another device, only to find my password had been changed.
I couldn’t log in to anything: not Apple or even my banking apps as I didn’t have two-factor-authentication from my phone. I went to bed with a knot in my stomach, just hoping that nothing bad would come of it.
Sadly, the next morning I got an email – which I could still see on my PC – stating that a transaction had been declined. This wasn’t surprising as the account in question isn’t one I use very much, but it was anything but good news.
If the person who stole my phone was able to attempt to use that card, then I knew they would have been able to use all the cards in my digital wallet.
Taking action then and there, I called my banks. That’s when they confirmed thieves had spent over €27,000 across the cards I had stored on my phone. It was a horrible feeling.
This felt like a huge violation and I was helpless. I hated the fact that these thieves could access my finances, steal my identity, and even sell my personal information on the dark web, should they wish.
The thought of my private details being in their hands, risking my reputation and using it to dupe loved ones, was more worrying than the financial loss itself. Yet there didn’t seem to be an easy way to resolve any of it.
All I wanted was to stop them in their tracks and I remember thinking it was ridiculous that there wasn’t a one-and-done way to shut everything down. Instead, I had no choice but to spend hours on the phone with banks, desperately trying to stop the damage that was being done and it was a tedious process.
Before my experience I had expected to just remotely erase my phone to prevent this, but the reality was I couldn’t activate that feature… and it wouldn’t have worked if my phone was in airplane mode.
Each bank I called, I had to verify my identity before freezing my accounts, meaning I spent precious time navigating frustrating security protocols while the thieves spent my hard-earned money from a different account. It was infuriating.
Once that was done, I then had to turn my energy to damage control. I changed passwords across all my digital profiles, reported the theft to the police, and all while trying to recall the details from the night before.
Eventually, after watching a video on YouTube about a similar attack that happened to someone in New York, I came to the realisation that I must have been targeted and had become the victim of something called ‘shoulder surfing’.
Similar to when thieves used to watch you at the cash point to see what PIN you were typing in, thieves now watch what users are doing on their phones. They’ll watch you type in your phone passcode and then use that to bypass the biometric security to access your accounts and other private information.
And sadly, it’s a growing tactic as there is so much valuable information on your phones these days.
It was a sobering realisation to know that even advanced security measures couldn’t fully protect me.
After three weeks, extensive documentation and numerous conversations with fraud departments, I was fortunate enough to recover all the stolen funds. And I felt fortunate that the thieves didn’t discover my crypto assets – which I wouldn’t have been able to recoup – or contact my friends or family via email or WhatsApp to ask for money.
As I used different PINs for my banking apps, they weren’t able to access them and simply transfer money to their accounts.
However, the sense of vulnerability I felt wasn’t so easily remedied. If this could happen to me, someone who runs tech businesses and has coded since my early childhood, how would people like my parents cope?
Despite my efforts and those of law enforcement, the perpetrators of this crime remain unknown and have not faced justice.
The anonymity afforded by technology and the complex dark web makes it increasingly difficult to bring these individuals to account, leaving many victims feeling helpless and exposed.
As for me, I couldn’t quite shake the feeling that things could be different for victims. That’s when I started working on the idea for Nuke From Orbit.
In information security, ‘nuke it from orbit’ is a popular term used to mean ‘wiping your system and starting from a clean slate’. It’s for when a machine has been so thoroughly compromised that the only choice is to start completely from scratch (it’s also paraphrased from one of the best lines from the film Aliens).
Well, that’s exactly what happens when your phone has been stolen and so I set about writing up a business plan. And within a week, the company was born.
Since then, our research has revealed that in a staggering 62% of UK smartphone theft cases, the consequences went far beyond losing a physical device, and there were 78,000 reported incidents of theft last year – a rise of 150%. This realisation fueled my determination to develop a solution that could help others facing similar ordeals.
Now, our smartphone security platform allows users to invalidate their personal data (should their phone be stolen) with a single button. That means any sensitive information – be it banking details or email accounts – is no longer of any use to criminals in seconds.
I’m so proud of the work we’re doing, but we’ve still got so much to do.
I want people to understand that complacency is not an option in a world where our smartphones hold our most sensitive data and digital identities. Someone with access to your phone can very credibly pretend to be you in a variety of ways.
Educating the public on smartphone security is crucial. The financial, telecommunications, and technology sectors must collaborate to develop robust solutions prioritising consumer protection.
Government action is also necessary to address this growing threat and hold perpetrators accountable.
We must collaborate to educate, innovate, and legislate to combat this pervasive issue. The alternative – a future where more and more people have to endure the financial and health consequences of smartphone theft and identity crime – is simply unacceptable.
Do you have a story you’d like to share? Get in touch by emailing James.Besanvalle@metro.co.uk.
Share your views in the comments below.