Smartphone theft is serious business in the US these days and even more worrisome with the BYOD boom in the business world. A new study finds that one in ten smartphone users are victims of device theft, and only 30 percent actually get their stolen smartphones back.
The greatest number of thefts happen when a smartphone user inadvertently leaves his phone in a public place (44 percent). Restaurants are the most common places where that occurs (16 percent), followed by a burglarized car or house (14 percent), a bar or nightclub (11 percent), work (11 percent), public transportation (6 percent), and on the street (5 percent). Some 40 percent of victims say their smartphones were stolen between lunchtime and close of business, noon to 5:00 p.m., and it took them on average one hour to realize the device was missing.
The bad news for enterprises is that 10 percent of smartphone loss and theft victims lost confidential business information with the device, according to mobile security provider Lookout's "Phone Theft in America" report, which gathered information from 2,000 smartphone theft victims in the US, UK, France, and Germany.
Some 12 percent of victims were hit with fraudulent charges on their stolen smartphones, and 9 percent, identity theft. Nearly half report time and productivity loss in the wake of the phone theft. Around 90 percent say they tried to reclaim their phones, with 60 percent of those filing police reports.
Interestingly, the majority are willing to go all vigilante in order to retrieve their phones -- 70 percent say they would even put themselves in physical danger if that's what it took to get their phones back. Others would pay a ransom, with one in three phone victims saying they would shell out $1,000 or more to retrieve the sensitive data on their phones, while half of them would pay $500.
Alicia DiVittorio, director of security communications at Lookout, says the key to protecting smartphones from theft is having a passcode, a find-my-phone app, and to remain vigilant about the phone's whereabouts. iPhones and Androids are most commonly targets, with 39 percent of victims reporting stolen iPhones and 33 percent, stolen Androids.
A major risk is when a smartphone that's set up as a second factor of authentication gets stolen. "The value of the data, whether it's personal or corporate, data on smartphones these days is well over the value of the actual smartphone. From a security perspective, the danger of a lost or stolen phone is that it may give savvy criminals access to your work resources with an unprotected smartphone," says Ralph Logan, CEO of big-data analysis firm Kiku Software. "If a thief has access to your phone -- and it is the second factor of authentication -- then they hold the keys to the corporate network at your access level."
Logan should know: His iPhone 5 was pilfered from his coat pocket last fall while at a pub in Dublin. He had locked his device with "Find My iPhone" enabled, so he messaged the phone in hopes someone would return it. Weeks later, he received a message via Twitter from a man saying he had found the phone and would return it to Logan if he provided his Apple ID and password, a list of five contact numbers on the phone, and his full name, phone number, and address.
The Apple ID and password request was a dead giveaway that the scammer was trying to make a buck off of the stolen iPhone: Those credentials were required to reinstall iOS on the locked iPhone. So Logan decided to turn the tables on the scammer, and was able to find out the scammer's real name, real email address, his girlfriend's name, and his brother's name. So when the scammer, who went by "Lee," contacted Logan once again, he let him have it and told him he knew his real identity and that he had the stolen iPhone. He gave "Lee" an ultimatum to drop off the phone at a Dublin office, which was poised to ship the phone back to Logan. The plan worked.
But not all smartphone theft victims are security experts like Logan. Others must rely on law enforcement and their phone-tracing apps. Take Robert Thompson, an Orlando, Fla., restaurant and nightclub designer who last summer was held up at gunpoint for his cash, ID, and Android HTC1 while doing some woodworking behind a restaurant. "He held a gun to my head," says Thompson, who was one of seven different victims hit in a crime spree across a 15-mile radius over a couple of days in late July.
Thompson had synched his phone and computer, so he quickly logged onto his laptop -- which was safely sitting inside the restaurant -- and ran his missing device Locate app from Lookout: "I watched my phone go down the highway," he says of the thief's getaway. He had in the meantime called the police, who were able to locate the thief via the information Thompson provided from the smartphone tracker and make an arrest within minutes. They also later arrested other members of the crime gang, which also had staged a home invasion and stolen a car, money, and smartphones from their victims.
The full Lookout report is available here for download.