In many ways, it’s great that we can do just about anything we need to on our smartphones. However, that convenience creates a single point of failure that could lead to big losses if something were to go wrong. Case in point: Reddit user Whippity, whose iPhone and credit card were recently stolen. The thieves used the stolen card to buy goods worth over $9,000, approving the transaction from the victim’s own iPhone. Thankfully, the card owner was able to reverse these charges, but not everyone will be so lucky. The best approach is to avoid this type of situation in the first place.
How the theft took place
According to u/Whippity, the thieves broke into their car and stole their iPhone 13 Pro and the accompanying MagSafe wallet, which had their ID and credit card. Their next stop was the Apple Store, where they made a large purchase using the credit card. The Redditor claims they received a text message from the credit card to verify the transaction, but the thieves were able to reply to the text even though the iPhone was locked.
That sounds like it shouldn’t be possible, but it can be—if you have the wrong setting enabled. By default, iOS won’t let you respond to messages when your iPhone is locked, but it will if you have message previews set to show when the phone is locked. It’s convenient, sure, since you don’t have to unlock the iPhone every time you want to reply to a single text message. However, it’s a poor choice from a security standpoint.
The Redditor likely had this setting enabled, which allowed the thieves to respond to any message without having the phone’s passcode. Once AMEX sent a text to verify the $9,000 purchase, the thieves merely had to reply with a single character—1—to approve the transaction. The credit card company was able to reverse the charges and, fortunately for the Reddit user, they had purchased AppleCare+ with theft and loss coverage. They were also able to get a brand new iPhone without much of a hassle.
How to disable text replies when your iPhone is locked
Although this story has a happy ending, you should take a moment to review the security settings on your iPhone. Flipping a few software switches will ensure that your iPhone cannot be easily used for fraud.
To start, make sure your message previews are set to show only when your iPhone is unlocked. You’ll find that from Settings > Messages > Notifications > Show Previews. For good measure, make sure all notification previews are set this way as well from Settings > Notifications > Show Previews.
You should also take a moment to review the other actions available by default from a locked iPhone. Start by going to Settings > Face ID & Passcode, then enter your passcode. Scroll to the bottom and go to the Allow Access When Locked section. Ideally, you should consider disabling the following:
Reply with Message (offers the ability to reply to missed calls with a message)
Return Missed Calls
Wallet
Notification Center
Home Control
Siri
You can also go to Settings > Siri & Search and disable Allow Siri When Locked to be on the safe side.