Fraud Alert: Chargebacks911 Warns Data Stored on Old Smartphones Can Pose Identity Theft and Fraud Risk

Share Article

Chargebacks911, in a warning to consumers hoping to avoid identify theft and other types of fraud, cites a trend of cybercriminals harvesting personal data unwittingly left on old smartphones when they resell or recycle them.

Monica Eaton-Cardone, co-founder and Chief Operating Officer of Chargebacks911, points out the fraud risk presented by personal data left on cell phones.

Fraudsters are persistent; if one source of illicit income goes away, they simply find another. And given the amount of personal data left on used smartphones, these devices can provide a veritable treasure trove of information for enterprising criminals.

According to the latest estimates, 72% of Americans own a smartphone(1) and users replace their mobile phones every 29 months;(2) as a result, millions of smartphones are resold, recycled or otherwise disposed of each year. However, evidence shows that the previous owners often leave personal data and files behind on those phones.(3, 4) Chargebacks911, a leading dispute mitigation and risk management firm, advises consumers and businesses to purge all data before relinquishing old cell phones to prevent that information from falling into fraudsters’ hands.

Security software manufacturer AVAST conducted experiments in 2014 and 2016 to determine if data was left behind on smartphones that had supposedly been erased or reset. In the first study, AVAST purchased 20 used smartphones from eBay; using readily available recovery software, the company’s analysts were able to retrieve over 40,000 photos, more than 750 emails and text messages, over 250 contact names and email addresses, the identities of four previous owners and even one completed loan application.(3) For the second study, AVAST purchased 20 used smartphones from pawn shops in New York, Barcelona, Berlin and Paris and found that half of them still contained data, including more than 1,200 photos, over 300 emails and text messages, the identities of two previous owners, three invoices, one work contract and an explicit video.(4)

As Chargebacks911 previously reported, counterfeit-proof EMV chip cards and other security measures have done little to reverse the trend of rising fraud. “Fraudsters are persistent; if one source of illicit income goes away, they simply find another. And given the amount of personal data left on used smartphones, these devices can provide a veritable treasure trove of information for enterprising criminals,” warned Monica Eaton-Cardone, co-founder and Chief Operating Officer of Chargebacks911. “Fraudsters can use this data to commit identity theft, whether it’s opening accounts or loans in the owner’s name, ordering merchandise or services using the owner’s stored login details, or scamming contacts by posing as the owner. Even photos and videos can be sold to porn sites or used for blackmail and extortion.”

Eaton-Cardone cautions smartphone owners that deleting files or conducting a factory reset doesn’t necessarily remove all data from the device, especially since data is often stored in several places, including the internal memory, subscriber identification module (SIM) card and/or secure digital (SD) memory cards. She advises smartphone owners to be aware of the risks and to take precautions to secure their data, both when using their current phone and when selling or disposing of used ones. Below, Eaton-Cardone shares her top tips to protect data:

Use Passcodes and Security Apps: Smartphone owners should always have a passcode-protected lock screen so their data won’t be easily compromised if the phone is lost or stolen and subsequently resold. Many mobile phone manufacturers offer built-in apps to track lost or stolen devices, such as “Find My iPhone,” and owners can purchase additional security apps that can remotely lock the device, thwart hackers or even snap photos of a thief.

Wipe ALL Data: Since resetting a phone may not necessarily remove all data, Eaton-Cardone counsels smartphone owners to manually delete their data before resetting. Since the process can vary by phone model, users should conduct an online search that includes their model name/number and phrases such as “wipe all data,” “erase all data” or “delete all data” for detailed instructions.

Remove Storage Cards: Finally, Eaton-Cardone reminds users to remove their SIM card and SD card (if applicable) from their old device. The cards can often be inserted into a new device; but if they will no longer be used, they should be destroyed before discarding.

Eaton-Cardone notes that consumer advocacy sites—including the Federal Trade Commission, Consumer Reports and CTIA—maintain helpful information, and she applauds businesses such as eBay for their efforts to educate sellers on the importance of wiping all data when preparing a smartphone for sale.

“Smartphone owners need to be proactive about protecting their data, but businesses have a responsibility to do so, as well,” noted Eaton-Cardone. “Companies that provide cell phones to employees should always wipe all data before reissuing or reselling those phones, and merchants that sell or trade used mobile phones should take care to ensure that no data remains—otherwise, they could potentially be held liable if that data is compromised. With fraudsters continually looking to exploit weaknesses, it’s critical to raise awareness of security risks—and it’s up to consumers and businesses alike to take steps to prevent them.”

Chargebacks911 is committed to educating merchants and others on ways to prevent fraud. As part of these efforts, Monica Eaton-Cardone is presenting a fraud prevention session at the upcoming Affiliate Summit East in New York and will be participating in other industry events throughout the year. She is also available for interviews and future speaking engagements.

For more information on Chargebacks911 and its comprehensive risk management solutions, visit http://chargebacks911.com.

About Global Risk Technologies and Chargebacks911:

Chargebacks911 is a division of Global Risk Technologies, which is internationally recognized as a leading provider of comprehensive risk management solutions to the payment processing industry. With offices in Europe and the United States, Global Risk Technologies manages over 200 million transactions worldwide each month. Chargebacks911 is headquartered in Tampa Bay, Florida, and specializes in chargeback mitigation and dynamic loss prevention. Founded by merchants in direct response to rising chargebacks and friendly fraud, Chargebacks911 combines insider expertise with proprietary technology and deep analytics to isolate threats, resolve disputes and maximize revenue. From small merchants to the nation’s largest retailers, today thousands of businesses rely on Chargebacks911’s scalable, customizable and fully turnkey solutions to achieve sustainable growth and guaranteed ROI. For more information, visit http://www.chargebacks911.com.

1.    Poushter, Jacob. “Smartphone Ownership and Internet Usage Continues to Climb in Emerging Economies”; Pew Research Center report; February 22, 2016. pewglobal.org/2016/02/22/smartphone-ownership-and-internet-usage-continues-to-climb-in-emerging-economies/

2.    Gryta, Thomas. “Americans Keep Their Cellphones Longer”; The Wall Street Journal; April 18, 2016. wsj.com/articles/americans-keep-their-cellphones-longer-1461007321

3.    AVAST. “AVAST Demonstrates Risk of Selling Used Smartphones …”; press release issued July 8, 2014. press.avast.com/avast-demonstrates-risk-of-selling-used-smartphones--recovers-40000-personal-photos-and-emails-from-phones-bought-online

4.    AVAST. “Selling Your Smartphone Could Mean Selling Your Identity …”; press release issued February 3, 2016. press.avast.com/selling-your-smartphone-could-mean-selling-your-identity-avast-finds-used-smartphones-still-contain-personal-information-and-data

Share article on social media or email:

View article via:

Pdf Print

Contact Author

Karla Jo Helms
JoTo PR
+1 (888) 202-4614 Ext: 802
Email >