Open in app

Sign in

Write

Sign in

My phone was stolen in Spain. Things I learned

Kelvin Watson
6 min readApr 11, 2024

--

Without access to my home country’s phone number or another trusted device, I could not two-factor into my Google account, effectively locking myself out of my own accounts.

On my second day of my three-week solo trip in Europe, my phone was stolen. I was drugged and without my phone in the middle of a foreign country. It was 3:30am in the morning. I was on the streets, lost, and hoped that I would wake up from this nightmare.

Our phones have become the center of everything in our lives. However, this reliance can become a vulnerability when our devices are lost or stolen. In this era of mobile devices, with unfettered internet access and cloud storage, many of us no longer remember phone numbers or addresses. However, doing so can be crucial for recovering your accounts, sanity, and most importantly, your identity.

Fortunately, I managed to remember the address where I was staying and my brother’s phone number. Had I not been able to recall these data points from memory, I would have had to find my way to the police station that night. Even then, I would still have to remember someone’s phone number or an email address.

Without a second device with me, I was completely “blind” for days with respect to my trip tickets, itinerary, and numerous reservations. Meanwhile, the thieves were already making purchases with my digital wallet and deleting photos to cover their tracks.

I did not sleep for at least 30 hours after returning back to my host’s condo. Thankfully, he had a spare device I could use. It wasn’t of much help, but it was something. He let me use his Facebook account to comment on a loved one’s public post to signal that I needed help.

Losing my phone was one thing, but losing access to my email and cloud storage meant I was unable to retrieve important details about my trip. Train tickets, event reservations, boarding passes, and other critical items I needed for my time in Europe, were inaccessible. Thankfully, I had prepared a Google document with all of my trip details, dates, and reservation/confirmation numbers, and shared this document with two of my family members. These helped to recover some of my reservations, but not all of them.

I didn’t have time to process the fact that my privacy was thoroughly violated. All of my emails, contacts, and personal data completely invaded and exposed. I needed to act fast, get a replacement phone and begin locking down my accounts, financial, socials, and anything else I could remember.

Over the course of the next two days, I spent hours dealing with my home country phone carrier. I needed to freeze or temporarily cancel my phone number so that the thieves could not use it to two-factor into my accounts. However, the carrier required my IMEI number and three phone numbers I contacted the most. Being only able to provide two of those phone numbers was insufficient to access my account to perform security measures to protect myself. In essence, I was unable to prove I was, in fact, me. The MVNO carrier I dealt with only had an online support track. You may have better luck if you’re able to contact a carrier company that offers in-person or phone support.

Side note: Your phone’s serial number is required for filing police reports in Spain. The police station will turn you away if you don’t have this information.

Without access to my home mobile phone number, I could not two-factor into my Google account, effectively locking myself out of many other accounts. I was able to obtain a SIM card while in Spain, but as a tourist, there was only one plan I could purchase. Purchasing that SIM card required a passport, which I happened to have with me at the time. Keep that in mind when trying to obtain a SIM card at wireless carrier physical stores. While this tourist/visitor phone plan provided ample data, it only allowed me to make local calls. Yes, you read that right: I could not make calls to 1–800 numbers. It also offered no SMS.

To reach my financial institutions, I needed my friend to call the institution, then loop me in a three way call. I was able to lock down my accounts this way, but it took additional time and effort. The longer this was delayed, the more damage the thieves were able to do. Keep in mind though, that locking down an account or disputing transactions could mean that you would have to cancel that payment card. In that case, you should ensure that you have at least one other spare payment method as a backup while traveling. Do not add all of your payment methods to our digital wallet in case your phone is compromised, as was the case with me. Fortunately, I had one spare card that wasn’t part of my digital wallet that I was able to use for the remainder of my trip.

If your photos are important to you, consider keeping copies in a second account that isn’t tied to your main account. This applies to contacts as well.

If thieves have access to your main account—in my case, they did—they could access your emails, important files, identification details, wipe photos, or worse, completely lock you out of your accounts by changing your passwords.

In my case, Google was able to block their numerous attempts to change my passwords. If your password is easy to guess from hints left in emails or cloud storage, you could risk a breach to your accounts and lose them forever. Hence, consider backing up photos and other important documents in an account that’s separate from your main account.

I’ve compiled a list of things I would have done differently to better prepare for my trip. Having gone through this experience, I have a new found awareness of, and appreciation for, how vulnerable we are and how much we truly rely on technology to be “safe”. We often think that this “couldn’t possibly happen to me”. I would venture to guess that many—if not most—of us store confidential and deeply personal data in our emails and cloud storage. Perhaps we’ve applied for a mortgage and needed to email details to brokers, insurance companies, banks, Escrow intimate financial details, social security numbers and the like. Now, imagine all of that data in the wrong hands.

On the flip side, while we trust technology to keep us safe, sometimes they can overreach and make it difficult to prove you are, well, you.

Before traveling:

  • Bring a second device with you. This could be a second phone, a tablet, or a laptop. This device should be a “trusted” device that can either allow or temporarily bypass two factor authentication into your Google account (or your login method of choice). In a foreign country, you will likely not be able to use your home country’s phone number for 2FA.
  • On two small pieces of paper, write down the address or addresses where you will be staying. For safety reasons, keep details to a minimum. Retain a copy on your person, and place one copy hidden in your luggage.
  • On two small pieces of paper, write down 3 phone numbers that you contact (text or call) the most. Retain a copy on your person, and place one copy hidden in your luggage.
  • Write down your phone’s IMEI number and serial number on a piece of paper, or store them in a different account that’s not tied to your main account, or write it on two pieces of paper and store one on your person, and one hidden in your luggage.
  • Write down reservation numbers and phone numbers for events, accommodations, flights, trains, and public transportation in a document. Share this document with at least two loved ones.
  • Keep your passport in a secure place in your lodging (a locked safe for instance). However, if you need to purchase a SIM card in a foreign country, you may need to bring your passport in order to prove that you are a tourist.
  • If you cancel your phone plan in your home country, there may be a time limit for reactivation (mine was 30 days). Keep this in mind when you return home.
  • Do not add all of your credit/debit cards into your digital wallet for contactless payment. Keep some cards offline so that in the event that your device is compromised, you won’t be forced to lock or cancel those cards.
  • Keep some cash in your accommodations.

This experience was a wake-up call about the vulnerabilities of relying too heavily on technology while traveling. While this could happen to anyone, I’m hoping these tips will encourage more of us to be proactive. Safe travels.

Sign up to discover human stories that deepen your understanding of the world.

Free

Distraction-free reading. No ads.

Organize your knowledge with lists and highlights.

Tell your story. Find your audience.

Membership

Read member-only stories

Support writers you read most

Earn money for your writing

Listen to audio narrations

Read offline with the Medium app

Travel
Security
Cybersecurity
Identity
Identity Theft

--

--

Kelvin Watson
Kelvin Watson

Written by Kelvin Watson

13 Followers
17 Following

Android Engineer, Bodybuilder

No responses yet

Write a response

What are your thoughts?

Help

Status

About

Careers

Press

Blog

Privacy

Terms

Text to speech

Teams