In São Paulo, the largest city in Brazil, criminals are stealing people’s iPhones, and after a few hours, they manage to access users’ bank accounts and then steal from their accounts.

As reported by the Brazilian newspaper Folha de S.Paulo, this kind of theft has been happening since the beginning of the pandemic and has only gotten worse. In the story, people with an iPhone 11 and iPhone XR had not only their iPhone unlocked, but also their bank account hacked.

Before the pandemic, it was common to see bicycle thieves stealing phones from inattentive people on the street, but they used to resell the phones. Now, there’s a specialized gang that not only invades the iPhone but also the bank account as well.

Procon-SP, the Brazilian consumer protection regulator based in São Paulo state, is planning to take action against companies such as Apple, other smartphone makers, and banks.

“Procon already acknowledged about a gang of cell phone receivers whose main illegal business is not the resale of cell phones, but the defrauding of passwords for bank fraud. This is being done through an army of hackers,” said executive director Fernando Capez.

According to police chief Roberto Monteiro, “Robbers noticed how much information people put in their phones.” He says: “Usually Waze users in the car with an Android smartphone are their main focus. Although breaking an iOS system is more difficult, they have also specialized in it.”

The mystery in these cases, especially when it’s about a locked iPhone, is how the criminals manage to break iOS and bank security.

Two of the banks quoted in the story are the Brazilian fintech Nubank and Itaú Unibanco, the largest banking institution in Brazil, as well as the largest in Latin America. In response, both of the banks said they work regularly in security patches and reinforce the importance of keeping the smartphone and apps updated.

The Brazilian Bank Federation says all bank apps are secured from their development to their usage.

“In order for banking applications to be used, the use of the customer’s personal password is mandatory. The application’s usage data, as well as the customer’s password, are never stored by the bank’s applications on the customers’ cell phones,” says the note.

As for iPhone users, the general tips are: Use Face ID or password on email apps, important notes, WhatsApp, and cancel all cards as fast as you can if they’re hacked.

FTC: We use income earning auto affiliate links. More.

Check out 9to5Mac on YouTube for more Apple news:

You’re reading 9to5Mac — experts who break news about Apple and its surrounding ecosystem, day after day. Be sure to check out our homepage for all the latest news, and follow 9to5Mac on Twitter, Facebook, and LinkedIn to stay in the loop. Don’t know where to start? Check out our exclusive stories, reviews, how-tos, and subscribe to our YouTube channel

About the Author

José Adorno

Brazilian tech Journalist. Author at 9to5Mac. Previously at tv globo, the main TV broadcaster in Latin America.

Got tips, feedback, or questions?