{"id":7368,"date":"2023-05-04T15:54:55","date_gmt":"2023-05-04T15:54:55","guid":{"rendered":"https:\/\/newmoneyreview.com\/?p=7368"},"modified":"2023-07-31T12:04:01","modified_gmt":"2023-07-31T12:04:01","slug":"a-phone-grabber-could-drain-your-bank-account-in-minutes","status":"publish","type":"post","link":"https:\/\/newmoneyreview.com\/index.php\/2023\/05\/04\/a-phone-grabber-could-drain-your-bank-account-in-minutes\/","title":{"rendered":"A phone grabber could drain your bank account in minutes"},"content":{"rendered":"<p><span style=\"font-weight: 400;\">Some frauds and scams aimed at emptying your bank account are ringing alarm bells. But what about the ones that aren\u2019t?\u00a0<\/span><\/p>\n<p><a href=\"https:\/\/www.psr.org.uk\/our-work\/app-scams\/\"><span style=\"font-weight: 400;\">Authorised push payment fraud (APPF)<\/span><\/a> &#8211; <span style=\"font-weight: 400;\">where the victim is tricked by fraudsters into s<\/span><span style=\"font-weight: 400;\">ending money to them (usually online) while the fraudster poses as a genuine payee &#8211; costs the best part of \u00a31bn a year, and that\u2019s in the UK alone. <\/span><a href=\"https:\/\/inews.co.uk\/inews-lifestyle\/money\/bills\/uk-finance-fraud-refunded-1712893\"><span style=\"font-weight: 400;\">Only around half of the victims get their money back<\/span><\/a><span style=\"font-weight: 400;\">.\u00a0<\/span><\/p>\n<p><span style=\"font-weight: 400;\">But what about an arguably more alarming fraud? It\u2019s where a criminal gets hold of your phone and then manages to steal your funds. That kind of theft could happen to any one of us &#8211; in a bar, club, crowded rail carriage or even in the street.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">Surely our phones\u2019 security features and those built into our banking apps would protect us?<\/span><\/p>\n<h2><b>Blamed for being a theft victim<\/b><\/h2>\n<p><span style=\"font-weight: 400;\">Apparently not. 
In January, <\/span><a href=\"https:\/\/www.bbc.co.uk\/news\/business-64240140\"><span style=\"font-weight: 400;\">I read about a man <\/span><\/a><span style=\"font-weight: 400;\">who said he had been hit by just such a theft. And his bank didn\u2019t reimburse him. It blamed him.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">Jacopo de Simone\u2019s mobile phone was stolen from his pocket in London in May 2022. His device had been locked and password-protected. But still, said de Simone, the thieves had managed to steal \u00a322,500 \u2013 all the money in his current and savings accounts.<\/span><\/p>\n<blockquote><p><span style=\"font-weight: 400;\">His bank didn\u2019t reimburse him. It blamed him<\/span><\/p><\/blockquote>\n<p><span style=\"font-weight: 400;\">His bank said this kind of theft was impossible unless he had shared his PIN with someone in advance. It accused de Simone of \u2018gross negligence\u2019, he says.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">De Simone countered<\/span><span style=\"font-weight: 400;\">: \u201cI don&#8217;t access my phone using a PIN code &#8211; I use facial recognition. My Barclays PIN is different to my phone PIN and they&#8217;d need to have both of them.\u201d\u00a0<\/span><\/p>\n<p><span style=\"font-weight: 400;\">This story piqued my attention. But none of the details added up. So I decided to investigate. <\/span><\/p>\n<h2><b>Anatomy of the attack<\/b><\/h2>\n<p><span style=\"font-weight: 400;\">Let\u2019s review the scam in steps.\u00a0<\/span><\/p>\n<p><span style=\"font-weight: 400;\">The BBC, which reported de Simone\u2019s case, asked cybersecurity expert <\/span><a href=\"https:\/\/twitter.com\/drjessicabarker\"><span style=\"font-weight: 400;\">Dr Jessica Barker<\/span><\/a><span style=\"font-weight: 400;\"> to break down the anatomy of the attack and to challenge the victim\u2019s statement. 
She said one phone scam scenario might involve these steps:<\/span><\/p>\n<ul>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">First, criminals &#8216;shoulder surf&#8217; a victim to learn their PIN<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Then they steal the phone\u00a0<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">They use the PIN to unlock the phone and then try the same PIN to access banking apps<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">If unsuccessful, criminals search the phone&#8217;s notes section for banking passwords or PINs<\/span><\/li>\n<\/ul>\n<p><span style=\"font-weight: 400;\">That sounds plausible, but it didn\u2019t address Mr. de Simone\u2019s assertion that he had been using Face ID to log into his banking app.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">Anyway, I started my investigation by framing the following question and testing it on ten banking apps (three from high-street banks and seven from so-called <\/span><a href=\"https:\/\/newmoneyreview.com\/index.php\/2021\/01\/21\/revolut-faces-an-existential-choice\/\"><span style=\"font-weight: 400;\">\u2018neo-banks\u2019<\/span><\/a><span style=\"font-weight: 400;\">): <\/span><i><span style=\"font-weight: 400;\">\u201cHow easy is it to move money from the app if someone has the phone and the PIN?\u201d<\/span><\/i><\/p>\n<h2><b>Test conditions<\/b><\/h2>\n<p><span style=\"font-weight: 400;\">There were some additional conditions that I used in the test. Here they are:<\/span><\/p>\n<ol>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">We have the latest version of Apple\u2019s mobile operating system, iOS, and the latest versions of the banking apps. 
We have also set up Apple\u2019s biometric authentication (Face ID) and have enabled the biometric login on the app, if possible. To avoid making the analysis too complex, we stuck to Apple\/iOS in the investigation. Google (Android) has different set-up conditions in its phones, but I believe Android devices are equally exposed to some of the potential attacks I describe below<\/span><span style=\"font-weight: 400;\">.<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">We assume the criminal has the iPhone and knows its PIN but doesn\u2019t know any other PINs or passwords in other banking apps on the phone.<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">The criminals have access to the email app on the phone. The Gmail app, for example, does not have a separate PIN and allows you to see every email once the phone is unlocked. Another example, the Mail.com app, can be protected by a PIN, but this feature is not enabled by default.\u00a0<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">The criminals are able to receive and send SMS and\/or automatic voice calls.<\/span><\/li>\n<\/ol>\n<h2><b>Our results<\/b><\/h2>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-full wp-image-7376\" src=\"https:\/\/newmoneyreview.com\/wp-content\/uploads\/2023\/05\/summary-of-results.jpg\" alt=\"\" width=\"769\" height=\"270\" srcset=\"https:\/\/newmoneyreview.com\/wp-content\/uploads\/2023\/05\/summary-of-results.jpg 769w, https:\/\/newmoneyreview.com\/wp-content\/uploads\/2023\/05\/summary-of-results-300x105.jpg 300w\" sizes=\"auto, (max-width: 769px) 100vw, 769px\" \/><\/p>\n<p><span style=\"font-weight: 400;\">In the left column, I labelled the banks HS1-3 (for the high-street banks) and N1-7 (for the neobanks).<\/span><\/p>\n<p><span style=\"font-weight: 400;\">In a nutshell, some apps allow a potential criminal 
to bypass Face ID and reset the account password quite easily. These cases are highlighted in red in the table. Once criminals unlock the device, they can drain the accounts within minutes.\u00a0<\/span><\/p>\n<blockquote><p><span style=\"font-weight: 400;\">Some apps allow a potential criminal to bypass Face ID and reset the account password <\/span><\/p><\/blockquote>\n<p><span style=\"font-weight: 400;\">Other apps require additional information, such as date of birth, address or full name, to reset the account password, and these cases are highlighted in orange. But usually, this information can be obtained on the very same device.\u00a0<\/span><\/p>\n<p><span style=\"font-weight: 400;\">Finally, six out of the ten apps showed robust enough measures to help you not lose money if you become a robbery victim.\u00a0<\/span><\/p>\n<p><span style=\"font-weight: 400;\">In the spreadsheet, columns 2-4 show the three steps of the attack we emulated, and what we found. Here is some more detail on each of those steps.<\/span><\/p>\n<h3><b>Step 1. Bypassing PIN or Face ID in the banking app<\/b><\/h3>\n<p><span style=\"font-weight: 400;\">This can be done in two ways: by presenting the iPhone PIN (the N2 app allows us to do this) or by adding a new Face ID pattern. Most of the apps will ask the phone user to enter a PIN or password if a new face has been added. This doesn\u2019t stop the criminal, unfortunately, who can now try Step 2.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">But two apps &#8211; N5 and N7 &#8211; didn\u2019t ask for a new PIN or password, allowing a freshly added face owner to log into the banking app.\u00a0<\/span><\/p>\n<p><span style=\"font-weight: 400;\">Another interesting example is the N4 app \u2013 even if the victim sets up the \u201cUse Face ID\u201d feature, it won\u2019t be required unless a second, so-called \u201cAuto-lock\u201d feature is enabled (for more on this security flaw, see below).<\/span><\/p>\n<h3><b>Step 2. 
Resetting the password<\/b><\/h3>\n<p><span style=\"font-weight: 400;\">Instead of trying to log into the existing account, criminals can press the &#8216;Forgot my password&#8217; button. Different banks require different pieces of information to reset the password\/PIN. Broadly speaking, these \u2018secrets\u2019 can be divided into three categories:<\/span><\/p>\n<ul>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Know something (e.g., password, PIN, SMS, email, name, date of birth, address)<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Have something (e.g., ID, credit card number, access to phone)<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Am something (biometrics, e.g. a selfie or a video sample)<\/span><\/li>\n<\/ul>\n<p><span style=\"font-weight: 400;\">Based on our conditions, the weakest security checks will be those that require access to the same stolen phone, allowing us to reset the password by SMS or email. And in this case, the apps N4, N5 and N7 were the least resilient \u2013 they used emails and SMS to reset the password.\u00a0<\/span><\/p>\n<p><span style=\"font-weight: 400;\">The N5 app is somewhere in the middle \u2013 it requires knowing the date of birth and the postcode. But this is something that can be easily pulled out of emails.<\/span><\/p>\n<blockquote><p><span style=\"font-weight: 400;\">Fortunately for the criminal, there are a few options to move money<\/span><\/p><\/blockquote>\n<h3><b>Step 3. Moving funds<\/b><\/h3>\n<p><span style=\"font-weight: 400;\">Finally, once the criminal has control of your banking app, he\/she needs to drain your account. 
Fortunately for the criminal, there are a few options to move money.\u00a0<\/span><\/p>\n<ul>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Make a wire transfer to a new recipient<\/span><span style=\"font-weight: 400;\">. For example, the fraudster could use SEPA &#8211; instant credit transfers that allow for real-time payments from any eurozone country to another. Wouldn\u2019t this leave a trail that could implicate the criminal? Not necessarily. For example, the criminal could transfer the money to a \u2018mule\u2019 and withdraw it for a fee (to the mule). Or the criminal could send the money to already compromised accounts whose owners won&#8217;t know about your malicious intentions. Or, as Mr. de Simone found out, the bank may blame the original owner of the phone. By the time the dust settles, there will be no money and no trails.<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Get card details to pay online<\/span><span style=\"font-weight: 400;\">: for example, order something from Amazon. Here, 3D Secure\u2013<\/span><a href=\"https:\/\/newmoneyreview.com\/index.php\/2021\/08\/09\/how-safe-are-payment-cards\/\"><span style=\"font-weight: 400;\">a way of ensuring extra security in card payments<\/span><\/a><span style=\"font-weight: 400;\">\u2013won\u2019t help, as the one-time code that authorises the payment will arrive on the same stolen mobile phone or in the app. Another option for the criminal who has card details and access to one-time codes is to move money using any card-to-card service, such as PaySend.<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Issue an Apple Pay wallet on the stolen phone<\/span><span style=\"font-weight: 400;\">. Let\u2019s focus here on how to monetise using this functionality, and we will show in detail how and why criminals can enrol the card itself in the next section. 
If a criminal knows your phone\u2019s PIN, he can access your Apple Pay wallet, go to a fancy store and buy anything he wants, with no contactless limits. Or, similar to the previous option &#8211; he\/she can use Apple Pay to pay online, for example, paying for something on eBay using the Apple Wallet.<\/span><\/li>\n<\/ul>\n<h2><b>Details of two of the attacks<\/b><\/h2>\n<h3><b>N4 app<\/b><\/h3>\n<p>Let\u2019s see in more detail the steps that criminals can take to succeed in their heists. First, we focus on the N4 app, issued by a neo-bank.<br \/>\n<b><\/b><\/p>\n<p><span style=\"font-weight: 400;\">The problems begin with a lack of Face ID authentication when you\u2019re logging into the app. Amazingly, this happens even though the settings say differently.<\/span><\/p>\n<p><i><span style=\"font-weight: 400;\">Face ID or no Face ID?<\/span><\/i><\/p>\n<p><span style=\"font-weight: 400;\"><img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-full wp-image-7372\" src=\"https:\/\/newmoneyreview.com\/wp-content\/uploads\/2023\/05\/face-id-or-no-face-id.jpg\" alt=\"\" width=\"420\" height=\"435\" srcset=\"https:\/\/newmoneyreview.com\/wp-content\/uploads\/2023\/05\/face-id-or-no-face-id.jpg 420w, https:\/\/newmoneyreview.com\/wp-content\/uploads\/2023\/05\/face-id-or-no-face-id-290x300.jpg 290w\" sizes=\"auto, (max-width: 420px) 100vw, 420px\" \/>\u00a0<\/span><\/p>\n<p><span style=\"font-weight: 400;\">On investigating, I found that you needed to turn on the \u201cAuto-Lock security\u201d option for the app to ask for Face ID.\u00a0<\/span><\/p>\n<p><span style=\"font-weight: 400;\">After opening the app, the criminal needs to drain the account. 
We described three common options to move money out of compromised accounts: wire transfer, card transactions or Apple Pay.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">When I played around with N4\u2019s app, I found I couldn\u2019t use the first two options as by now the app was \u2013 correctly \u2013 asking for Face ID.\u00a0\u00a0<\/span><\/p>\n<p><span style=\"font-weight: 400;\">So I focused on enrolling Apple Pay instead. It turns out that this is one of the most popular routes for those wishing to extract money from a stolen phone\u2019s banking app.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">Apple Pay can be enrolled through the \u2018Wallet\u2019 app on the phone by entering the card number, security code and expiry date, or via an \u201cApple Pay\u201d button in the banking app the criminal has gained access to.\u00a0<\/span><\/p>\n<blockquote><p><span style=\"font-weight: 400;\">Banks that don\u2019t use one-time codes are known targets for criminals<\/span><\/p><\/blockquote>\n<p><span style=\"font-weight: 400;\">At this enrolment stage, Apple has always allowed each bank to decide what additional security is required. The most popular option is to request a one-time code. But some banks don\u2019t do that for convenience, even if the card is enrolled via the Wallet app, and Apple has never objected to that because their motto always was \u201cWe provide a payment platform, and everything else is not on us\u201d. 
Banks that don\u2019t use one-time codes are known targets for criminals.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">On dark web forums, you can find the target banks quite easily (in the screenshot, \u2018BIN\u2019 refers to <\/span><span style=\"font-weight: 400;\">the first 4-6 numbers on a payment card, which identify the card issuer)<\/span><span style=\"font-weight: 400;\">.\u00a0<\/span><\/p>\n<p><i><span style=\"font-weight: 400;\">Offering from one of the dark web forums about banks\u00a0<\/span><\/i><\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-full wp-image-7371\" src=\"https:\/\/newmoneyreview.com\/wp-content\/uploads\/2023\/05\/dark-web-offering.jpg\" alt=\"\" width=\"763\" height=\"198\" srcset=\"https:\/\/newmoneyreview.com\/wp-content\/uploads\/2023\/05\/dark-web-offering.jpg 763w, https:\/\/newmoneyreview.com\/wp-content\/uploads\/2023\/05\/dark-web-offering-300x78.jpg 300w\" sizes=\"auto, (max-width: 763px) 100vw, 763px\" \/><\/p>\n<p><span style=\"font-weight: 400;\">Other banks request one-time codes when you are seeking to enrol their card into Apple Pay by entering the card number, security code and expiry date. But they don\u2019t do so when the card is enrolled via the \u2018Apple Pay\u2019 button in the app. 
This is because they presume that the security measures that have been required to get to this point, like Face ID or PIN, are a good enough barrier.\u00a0<\/span><\/p>\n<blockquote><p><span style=\"font-weight: 400;\">Unlike contactless bank cards, Apple Pay has no limit<\/span><\/p><\/blockquote>\n<p><span style=\"font-weight: 400;\">In summary, you don\u2019t even need to know any card details if you use the Apple Pay button in the banking app.\u00a0<\/span><\/p>\n<p><span style=\"font-weight: 400;\">In the case of N4\u2019s app, it didn\u2019t ask for a Face ID for me to enrol Apple Pay.\u00a0<\/span><\/p>\n<p><span style=\"font-weight: 400;\">Once they\u2019ve done this, criminals can use Apple Pay as long as they know the phone\u2019s PIN! As a reminder, unlike contactless bank cards, which still have relatively low transaction limits, Apple Pay has no limits. So if you&#8217;re prepared, you can go into a dealership and buy a car. Or you can go to a fancy store and spend a couple of grand. But you should be able to drain the account pretty quickly.<\/span><\/p>\n<p><a href=\"https:\/\/drive.google.com\/file\/d\/1aursvpD0yhdfasuvrkvElteae_rc2Mmh\/view?usp=sharing\"><span style=\"font-weight: 400;\">This video<\/span><\/a><span style=\"font-weight: 400;\"> shows how I clicked on the button within the N4 app to add it to an Apple Pay wallet.<\/span><\/p>\n<h3><b>HS3 app<\/b><\/h3>\n<p><span style=\"font-weight: 400;\">This app did not allow me to log in if a Face ID was deleted and reissued. However, the app has other flaws. 
This is what I saw when it didn\u2019t recognise a new face.<\/span><\/p>\n<blockquote><p><span style=\"font-weight: 400;\">It\u2019s quite handy that the bank is happy to share a User ID in an email, don\u2019t you agree?<\/span><\/p><\/blockquote>\n<p><i><span style=\"font-weight: 400;\">Failed Face ID\u2013what next?<\/span><\/i><\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-full wp-image-7373\" src=\"https:\/\/newmoneyreview.com\/wp-content\/uploads\/2023\/05\/failed-id-what-next.jpg\" alt=\"\" width=\"721\" height=\"281\" srcset=\"https:\/\/newmoneyreview.com\/wp-content\/uploads\/2023\/05\/failed-id-what-next.jpg 721w, https:\/\/newmoneyreview.com\/wp-content\/uploads\/2023\/05\/failed-id-what-next-300x117.jpg 300w\" sizes=\"auto, (max-width: 721px) 100vw, 721px\" \/><\/p>\n<p><span style=\"font-weight: 400;\">So, following the prompt, let\u2019s try to reset the login details! What would a criminal need for that?<\/span><\/p>\n<p><i><span style=\"font-weight: 400;\">Resetting the User ID<\/span><\/i><\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-full wp-image-7375\" src=\"https:\/\/newmoneyreview.com\/wp-content\/uploads\/2023\/05\/resetting-user-id.jpg\" alt=\"\" width=\"490\" height=\"725\" srcset=\"https:\/\/newmoneyreview.com\/wp-content\/uploads\/2023\/05\/resetting-user-id.jpg 490w, https:\/\/newmoneyreview.com\/wp-content\/uploads\/2023\/05\/resetting-user-id-203x300.jpg 203w\" sizes=\"auto, (max-width: 490px) 100vw, 490px\" \/><\/p>\n<p><span style=\"font-weight: 400;\">All of these details are easy to find in the email account. 
It\u2019s quite handy that the bank is happy to share a User ID in an email, don\u2019t you agree?<\/span><\/p>\n<p><i><span style=\"font-weight: 400;\">Bank User ID found in an old email<\/span><\/i><\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-full wp-image-7370\" src=\"https:\/\/newmoneyreview.com\/wp-content\/uploads\/2023\/05\/bank-user-id-in-email.jpg\" alt=\"\" width=\"714\" height=\"218\" srcset=\"https:\/\/newmoneyreview.com\/wp-content\/uploads\/2023\/05\/bank-user-id-in-email.jpg 714w, https:\/\/newmoneyreview.com\/wp-content\/uploads\/2023\/05\/bank-user-id-in-email-300x92.jpg 300w\" sizes=\"auto, (max-width: 714px) 100vw, 714px\" \/><\/p>\n<p><span style=\"font-weight: 400;\">Once this information is obtained, it\u2019s possible to reset the password:<\/span><\/p>\n<p><i><span style=\"font-weight: 400;\">Resetting the password<\/span><\/i><\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-full wp-image-7374\" src=\"https:\/\/newmoneyreview.com\/wp-content\/uploads\/2023\/05\/resetting-pw.jpg\" alt=\"\" width=\"411\" height=\"314\" srcset=\"https:\/\/newmoneyreview.com\/wp-content\/uploads\/2023\/05\/resetting-pw.jpg 411w, https:\/\/newmoneyreview.com\/wp-content\/uploads\/2023\/05\/resetting-pw-300x229.jpg 300w\" sizes=\"auto, (max-width: 411px) 100vw, 411px\" \/><\/p>\n<p><span style=\"font-weight: 400;\">The final step for the password reset is a one-time code that will arrive \u2013 unfortunately for the victim \u2013 on the stolen device.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">Game over. Once the criminals have set up a new password in the app, they can drain the account any way they want: get the card details, enrol Apple Pay or make a wire transfer. No additional checks are required to get card details or to enrol Apple Pay. 
To make a wire transfer, criminals will need a password \u2013 the one they\u2019ve just set up themselves.<\/span><\/p>\n<h2><b>The aftermath\u2013and a worrying future<\/b><\/h2>\n<p><span style=\"font-weight: 400;\">In February, <\/span><a href=\"https:\/\/www.wsj.com\/articles\/apple-iphone-security-theft-passcode-data-privacya-basic-iphone-feature-helps-criminals-steal-your-digital-life-cbf14b1a?st=wnsh3jz33ei97rl&amp;reflink=desktopwebshare_permalink\"><span style=\"font-weight: 400;\">the Wall Street Journal wrote<\/span><\/a><span style=\"font-weight: 400;\"> that giving a criminal your iPhone and its passcode was equivalent to opening a treasure box.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">That article pointed out a few other vulnerabilities:<\/span><\/p>\n<ul>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">If criminals know the victim\u2019s PIN, they can use the already-issued Apple Pay cards on the phone<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Criminals can use the phone to apply for credit using apps like Klarna or Apple Cash. 
<\/span><a href=\"https:\/\/newmoneyreview.com\/index.php\/2022\/09\/28\/buy-now-pay-less-ornot-at-all\/\"><span style=\"font-weight: 400;\">At New Money Review, I\u2019ve already written<\/span><\/a><span style=\"font-weight: 400;\"> about the security weaknesses in some of the \u2018buy-now-pay-later\u2019 (BNPL) apps that offer such credit.<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Signing out of \u2018Find My Phone\u2019 and changing the password will make the victim\u2019s life 100 times harder.<\/span><\/li>\n<\/ul>\n<blockquote><p><span style=\"font-weight: 400;\">Alarm bells should be sounding amongst banks, payments firms, tech giants, app developers and the authorities.<\/span><\/p><\/blockquote>\n<p><span style=\"font-weight: 400;\">But I\u2019d say that the results of my research go further. I\u2019ve shown that, contrary to what one UK bank reportedly told poor Mr. de Simone, it\u2019s quite straightforward to use the combination of a stolen phone and its PIN to loot victims\u2019 bank accounts. This can be done by resetting their banking app log-ins, using a variety of exit routes. Alarm bells should be sounding amongst banks, payments firms, tech giants, app developers and the authorities.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">To reduce the risks of losing money right after losing your phone, we strongly recommend the following:<\/span><\/p>\n<ul>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Enable Face ID and a long (6+) PIN code on a phone<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Set up a different PIN code in every app you can, e.g. mail or banking apps.<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Do not store your card with your phone. 
<\/span><a href=\"https:\/\/www.google.com\/search?q=magsafe+wallet\"><span style=\"font-weight: 400;\">MagSafe wallet<\/span><\/a><span style=\"font-weight: 400;\"> is a bad idea.<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Do not leave personal details on the phone. That includes photos and records of your documents, PINs, logins and passwords. Your photo app, file downloads and your email account are often full of such details, so you need to make a special effort not to leave them there.<\/span><\/li>\n<\/ul>\n<h2><b>Disclaimer<\/b><\/h2>\n<p><span style=\"font-weight: 400;\">For obvious reasons, I haven\u2019t named the three high street banks and the seven neo-banks whose apps I tested. All the vulnerabilities were reported to those firms\u2019 security teams prior to the publication of this article (assuming I could find a public security email, security.txt file, responsible disclosure program or something similar). Not all the neo-banks, however, offered any such way of getting in contact.<\/span><\/p>\n<p><em><strong>More from Tim Yunusov at New Money Review<\/strong><\/em><\/p>\n<p><a href=\"https:\/\/newmoneyreview.com\/index.php\/2023\/01\/09\/adding-crypto-to-payment-cards-is-playing-with-fire\/\">Adding crypto to payment cards is playing with fire<\/a><\/p>\n<p><a href=\"https:\/\/newmoneyreview.com\/index.php\/2022\/09\/28\/buy-now-pay-less-ornot-at-all\/\">Buy now pay less or\u2026not at all<\/a><\/p>\n<p><a href=\"https:\/\/newmoneyreview.com\/index.php\/2022\/08\/15\/no-photoshop-required\/\">No PhotoShop required<\/a><\/p>\n<p><a href=\"https:\/\/newmoneyreview.com\/index.php\/2022\/03\/08\/fake-ids-blow-hole-in-russia-sanctions\/\">Fake IDs blow hole in Russia sanctions<\/a><\/p>\n<p><em><strong>Don&#8217;t miss our podcast, &#8220;<a href=\"https:\/\/blubrry.com\/newmoneyreview\/\">the future of money in 30 minutes<\/a>&#8220;, featuring the top minds in payments, digital currency, crypto, 
law, technology and financial crime<\/strong><\/em><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Some frauds and scams aimed at emptying your bank account are ringing alarm bells. But what about the ones that aren\u2019t?\u00a0 Authorised push payment fraud (APPF) &#8211; where the victim [&hellip;]<\/p>\n","protected":false},"author":9,"featured_media":7379,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_exactmetrics_skip_tracking":false,"_exactmetrics_sitenote_active":false,"_exactmetrics_sitenote_note":"","_exactmetrics_sitenote_category":0,"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[1013,1012,1053,1026,1014],"tags":[2206,1922,1169,2204,2205,2207],"class_list":{"0":"post-7368","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-account","8":"category-exchange","9":"category-featured-1","10":"category-latest-slider","11":"category-payment","12":"tag-apple-pay","13":"tag-fraud","14":"tag-hackers","15":"tag-phone-theft","16":"tag-pin","17":"tag-scams"}}
Review\",\"url\":\"https:\/\/newmoneyreview.com\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-GB\",\"@id\":\"https:\/\/newmoneyreview.com\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/newmoneyreview.com\/wp-content\/uploads\/2018\/01\/cropped-nmr_close-crop.jpg\",\"contentUrl\":\"https:\/\/newmoneyreview.com\/wp-content\/uploads\/2018\/01\/cropped-nmr_close-crop.jpg\",\"width\":1418,\"height\":158,\"caption\":\"New Money Review\"},\"image\":{\"@id\":\"https:\/\/newmoneyreview.com\/#\/schema\/logo\/image\/\"},\"sameAs\":[\"https:\/\/x.com\/newmoneyreview\"]},{\"@type\":\"Person\",\"@id\":\"https:\/\/newmoneyreview.com\/#\/schema\/person\/1a2aac5a6255efb8f8eb9574cf99f6bd\",\"name\":\"Timur Yunusov\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-GB\",\"@id\":\"https:\/\/newmoneyreview.com\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/a4b2c8e5ae642534331a28875680618eb1ad415963adc137fab3976eaaad8b09?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/a4b2c8e5ae642534331a28875680618eb1ad415963adc137fab3976eaaad8b09?s=96&d=mm&r=g\",\"caption\":\"Timur Yunusov\"},\"url\":\"https:\/\/newmoneyreview.com\/index.php\/author\/timur-yunusov\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. 
-->","yoast_head_json":{"title":"A phone grabber could drain your bank account in minutes - New Money Review","description":"Criminals can loot your bank account after stealing your phone, if you use certain banking and mobile payment apps.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/newmoneyreview.com\/index.php\/2023\/05\/04\/a-phone-grabber-could-drain-your-bank-account-in-minutes\/","og_locale":"en_GB","og_type":"article","og_title":"A phone grabber could drain your bank account in minutes - New Money Review","og_description":"Criminals can loot your bank account after stealing your phone, if you use certain banking and mobile payment apps.","og_url":"https:\/\/newmoneyreview.com\/index.php\/2023\/05\/04\/a-phone-grabber-could-drain-your-bank-account-in-minutes\/","og_site_name":"New Money Review","article_published_time":"2023-05-04T15:54:55+00:00","article_modified_time":"2023-07-31T12:04:01+00:00","og_image":[{"width":640,"height":427,"url":"https:\/\/newmoneyreview.com\/wp-content\/uploads\/2023\/05\/iPhone-theft.png","type":"image\/png"}],"author":"Timur Yunusov","twitter_card":"summary_large_image","twitter_creator":"@newmoneyreview","twitter_site":"@newmoneyreview","twitter_misc":{"Written by":"Timur Yunusov","Estimated reading time":"14 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/newmoneyreview.com\/index.php\/2023\/05\/04\/a-phone-grabber-could-drain-your-bank-account-in-minutes\/#article","isPartOf":{"@id":"https:\/\/newmoneyreview.com\/index.php\/2023\/05\/04\/a-phone-grabber-could-drain-your-bank-account-in-minutes\/"},"author":{"name":"Timur Yunusov","@id":"https:\/\/newmoneyreview.com\/#\/schema\/person\/1a2aac5a6255efb8f8eb9574cf99f6bd"},"headline":"A phone grabber could drain your bank account in 
minutes","datePublished":"2023-05-04T15:54:55+00:00","dateModified":"2023-07-31T12:04:01+00:00","mainEntityOfPage":{"@id":"https:\/\/newmoneyreview.com\/index.php\/2023\/05\/04\/a-phone-grabber-could-drain-your-bank-account-in-minutes\/"},"wordCount":2722,"publisher":{"@id":"https:\/\/newmoneyreview.com\/#organization"},"image":{"@id":"https:\/\/newmoneyreview.com\/index.php\/2023\/05\/04\/a-phone-grabber-could-drain-your-bank-account-in-minutes\/#primaryimage"},"thumbnailUrl":"https:\/\/newmoneyreview.com\/wp-content\/uploads\/2023\/05\/iPhone-theft.png","keywords":["Apple pay","Fraud","hackers","phone theft","PIN","scams"],"articleSection":["ACCOUNT","EXCHANGE","Featured","Latest","PAYMENT"],"inLanguage":"en-GB"},{"@type":"WebPage","@id":"https:\/\/newmoneyreview.com\/index.php\/2023\/05\/04\/a-phone-grabber-could-drain-your-bank-account-in-minutes\/","url":"https:\/\/newmoneyreview.com\/index.php\/2023\/05\/04\/a-phone-grabber-could-drain-your-bank-account-in-minutes\/","name":"A phone grabber could drain your bank account in minutes - New Money Review","isPartOf":{"@id":"https:\/\/newmoneyreview.com\/#website"},"primaryImageOfPage":{"@id":"https:\/\/newmoneyreview.com\/index.php\/2023\/05\/04\/a-phone-grabber-could-drain-your-bank-account-in-minutes\/#primaryimage"},"image":{"@id":"https:\/\/newmoneyreview.com\/index.php\/2023\/05\/04\/a-phone-grabber-could-drain-your-bank-account-in-minutes\/#primaryimage"},"thumbnailUrl":"https:\/\/newmoneyreview.com\/wp-content\/uploads\/2023\/05\/iPhone-theft.png","datePublished":"2023-05-04T15:54:55+00:00","dateModified":"2023-07-31T12:04:01+00:00","description":"Criminals can loot your bank account after stealing your phone, if you use certain banking and mobile payment 
apps.","breadcrumb":{"@id":"https:\/\/newmoneyreview.com\/index.php\/2023\/05\/04\/a-phone-grabber-could-drain-your-bank-account-in-minutes\/#breadcrumb"},"inLanguage":"en-GB","potentialAction":[{"@type":"ReadAction","target":["https:\/\/newmoneyreview.com\/index.php\/2023\/05\/04\/a-phone-grabber-could-drain-your-bank-account-in-minutes\/"]}]},{"@type":"ImageObject","inLanguage":"en-GB","@id":"https:\/\/newmoneyreview.com\/index.php\/2023\/05\/04\/a-phone-grabber-could-drain-your-bank-account-in-minutes\/#primaryimage","url":"https:\/\/newmoneyreview.com\/wp-content\/uploads\/2023\/05\/iPhone-theft.png","contentUrl":"https:\/\/newmoneyreview.com\/wp-content\/uploads\/2023\/05\/iPhone-theft.png","width":640,"height":427},{"@type":"BreadcrumbList","@id":"https:\/\/newmoneyreview.com\/index.php\/2023\/05\/04\/a-phone-grabber-could-drain-your-bank-account-in-minutes\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/newmoneyreview.com\/"},{"@type":"ListItem","position":2,"name":"A phone grabber could drain your bank account in minutes"}]},{"@type":"WebSite","@id":"https:\/\/newmoneyreview.com\/#website","url":"https:\/\/newmoneyreview.com\/","name":"New Money Review","description":"A periodical covering the accelerating changes in money","publisher":{"@id":"https:\/\/newmoneyreview.com\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/newmoneyreview.com\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-GB"},{"@type":"Organization","@id":"https:\/\/newmoneyreview.com\/#organization","name":"New Money 
Review","url":"https:\/\/newmoneyreview.com\/","logo":{"@type":"ImageObject","inLanguage":"en-GB","@id":"https:\/\/newmoneyreview.com\/#\/schema\/logo\/image\/","url":"https:\/\/newmoneyreview.com\/wp-content\/uploads\/2018\/01\/cropped-nmr_close-crop.jpg","contentUrl":"https:\/\/newmoneyreview.com\/wp-content\/uploads\/2018\/01\/cropped-nmr_close-crop.jpg","width":1418,"height":158,"caption":"New Money Review"},"image":{"@id":"https:\/\/newmoneyreview.com\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/x.com\/newmoneyreview"]},{"@type":"Person","@id":"https:\/\/newmoneyreview.com\/#\/schema\/person\/1a2aac5a6255efb8f8eb9574cf99f6bd","name":"Timur Yunusov","image":{"@type":"ImageObject","inLanguage":"en-GB","@id":"https:\/\/newmoneyreview.com\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/a4b2c8e5ae642534331a28875680618eb1ad415963adc137fab3976eaaad8b09?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/a4b2c8e5ae642534331a28875680618eb1ad415963adc137fab3976eaaad8b09?s=96&d=mm&r=g","caption":"Timur 
Yunusov"},"url":"https:\/\/newmoneyreview.com\/index.php\/author\/timur-yunusov\/"}]}},"jetpack_featured_media_url":"https:\/\/newmoneyreview.com\/wp-content\/uploads\/2023\/05\/iPhone-theft.png","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/newmoneyreview.com\/index.php\/wp-json\/wp\/v2\/posts\/7368","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/newmoneyreview.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/newmoneyreview.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/newmoneyreview.com\/index.php\/wp-json\/wp\/v2\/users\/9"}],"replies":[{"embeddable":true,"href":"https:\/\/newmoneyreview.com\/index.php\/wp-json\/wp\/v2\/comments?post=7368"}],"version-history":[{"count":2,"href":"https:\/\/newmoneyreview.com\/index.php\/wp-json\/wp\/v2\/posts\/7368\/revisions"}],"predecessor-version":[{"id":7378,"href":"https:\/\/newmoneyreview.com\/index.php\/wp-json\/wp\/v2\/posts\/7368\/revisions\/7378"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/newmoneyreview.com\/index.php\/wp-json\/wp\/v2\/media\/7379"}],"wp:attachment":[{"href":"https:\/\/newmoneyreview.com\/index.php\/wp-json\/wp\/v2\/media?parent=7368"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/newmoneyreview.com\/index.php\/wp-json\/wp\/v2\/categories?post=7368"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/newmoneyreview.com\/index.php\/wp-json\/wp\/v2\/tags?post=7368"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}