iPhone PIN scam could spread to Android — how to protect your Google account

Pixel 7 and Pixel 7 Pro (Image credit: Laptop Mag)

iPhone owners have been hit by a simple but effective PIN scam that was recently highlighted by The Wall Street Journal.

Unfortunately, as 9to5Google rightly pointed out, the same method works against Android phones, allowing thieves to take over the owner's Google account (via Tom's Guide).

Here's how the PIN scam works

While we often cover nefarious hackers writing code to break into your devices, this PIN scam is so easy that anyone can do it, which is precisely what makes it such a potentially widespread threat. All the thieves do is watch the victim enter their PIN before stealing the phone, at which point they can unlock the device as if they were the owner.

On the iPhone, the stolen passcode lets them change the password of the Apple ID signed into the device and sign the owner out of their other Apple devices. On Android, the thief can change the password of the Google account signed into the phone, effectively locking the owner out of the account.


How to protect yourself from the PIN scam on Android

While the scam is incredibly simple, protecting yourself from it is relatively easy as well. First and foremost, use biometric authentication to unlock your device rather than typing a PIN, pattern, or password. Whether it's a fingerprint or facial recognition, a biometric is far harder for a thief to capture by watching over your shoulder, and the less often you type your PIN in public, the fewer chances a thief has to see it.

Since biometric authentication sometimes fails, and Android still requires your PIN, pattern, or password as a fallback (after a restart, for example), you will still need to enter it occasionally. Your best defense in that case is a longer PIN or, better, an alphanumeric password. Avoid the pattern option: next to a four-digit PIN, it is about the easiest thing for a thief to recognize, even from a distance.

Failing that, you can secure your account with two-factor authentication (2FA) through Google's Advanced Protection Program. This prevents a thief from changing your Google account password even after they have your Android PIN or password, because a physical security key is required to make that change. Register more than one key and keep the spare somewhere other than with your phone, so a thief who takes the phone does not take your only key along with it. Take a look at our guide on how to do 2FA right for recommendations on security keys and how to use 2FA across all of your most important accounts.

While I typically find threats that require physical access to your device less concerning than online threats such as malware or ransomware, the ease of this PIN scam makes it worth making some of the changes above to avoid becoming a victim of it.

Sean Riley

Sean Riley has been covering tech professionally for over a decade now. Most of that time was as a freelancer covering varied topics including phones, wearables, tablets, smart home devices, laptops, AR, VR, mobile payments, fintech, and more. Sean is the resident mobile expert at Laptop Mag, specializing in phones and wearables, and you'll find plenty of news, reviews, how-to, and opinion pieces on these subjects from him here. But Laptop Mag has also proven a perfect fit for that broad range of interests, with reviews and news on the latest laptops, VR games, and computer accessories along with coverage of everything from NFTs to cybersecurity and more.