In many ways, it’s fantastic that our smartphones enable us to accomplish almost anything we need. However, this convenience creates a single point of failure, potentially resulting in significant losses if something goes wrong. A prime example is Reddit user Whippity, whose locked iPhone and credit card were recently stolen. The thieves used the stolen card to buy over $9,000 worth of goods, approving the transaction from the victim’s own locked iPhone. Thankfully, the card owner managed to reverse these charges, but not everyone might be as fortunate. The best approach is to ensure you avoid this type of situation in the first place.
A costly security flaw
According to u/Whippity, the thieves broke into their car and stole their iPhone 13 Pro and the accompanying MagSafe wallet, which held their ID and credit card. Their next stop was the Apple Store, where they made a large purchase using the credit card. The Redditor claims they received a text message from the credit card company to verify the transaction, but the thieves were able to reply to the text even though the iPhone was locked.
That sounds like it shouldn’t be possible, but it can be if you have the wrong setting enabled. By default, iOS won’t let you respond to messages when your iPhone is locked, but it will if message previews are set to show while the phone is locked. It’s convenient, sure, since you don’t have to unlock the iPhone every time you want to reply to a single text message. However, it’s a poor choice from a security standpoint.
The Redditor likely had this setting enabled, which allowed the thieves to respond to any message without having the phone’s passcode. Once AMEX sent a text to verify the $9,000 purchase, they merely had to reply with a single character, 1, to approve the transaction. The credit card company was able to reverse the charges. Fortunately for the Reddit user, they had also purchased AppleCare+ with theft and loss coverage, so they were able to get a brand new iPhone without much of a hassle.
Securing your locked iPhone
Although this story has a happy ending, you should take a moment to review the security settings on your iPhone. Flipping a few software switches will ensure that your iPhone cannot be easily used for fraud.
To start, make sure your message previews are set to show only when your iPhone is unlocked. You’ll find that under Settings > Messages > Notifications > Show Previews. For good measure, make sure all notification previews are set the same way under Settings > Notifications > Show Previews.
You should also take a moment to review the other actions available by default from a locked iPhone. Start by going to Settings > Face ID & Passcode, then enter your passcode. Scroll to the bottom and go to the Allow Access When Locked section. Ideally, you should consider disabling the following:
Reply with Message (offers the ability to reply to missed calls with a message)
Return Missed Calls
Wallet
Notification Center
Home Control
Siri
You can also go to Settings > Siri & Search and disable Allow Siri When Locked to be on the safe side.