If someone asks to borrow your phone to make a call, what could they do?
A stranger walks up to you on the street. They say they lost their phone and need to make a phone call (has happened to me twice, and maybe to you). What's the worst a phone call could do?
Let's assume they don't run, don't plug any devices into the phone, they just dial a number and do whatever, and hang up.
For what it's worth, if a stranger needed to borrow my phone, I'd dial the number myself and put it on speaker. This would reduce the chance of them running off, and also prevent most of the scams and schemes listed below, yet still allow me to be a good Samaritan to someone with a genuine need.
It wouldn't prevent the premium rate dial scheme if there was someone there to answer.
@aslum I let them to use my powerbank instead. I would not let them to use my phone in any way.
If I were you I'd at least use screen pinning, which is available since Android 5, so the other person can't access anything else then the dialer.
A few scams I've seen making the rounds:
- Use it to dial a premium rate number owned by the group. In the UK, 09xx numbers can cost up to £1.50 per minute, and most 09xx providers charge around 33%, so a five minute call syphons £5 into the group's hands. If you're a good social engineer, you might only have a 10 minute gap between calls as you wander around a busy high-street, so that's £15 an hour (tax free!) - almost triple minimum wage.
- Use it to send premium rate texts. The regulations on there are tighter, but if you can get a premium rate SMS number set up, you can charge up to £10 per text. A scammer would typically see between £5 and £7 of that, after the provider takes a cut. It's also possible to set up a recurring cost, where the provider sends you messages every day and charges you up to £2.50 for each one. By law the service provider must automatically cancel it if they send a text sayin STOP, but every extra message you send gains you money.
- Set up an app in the app store, then buy it on peoples' phones. This can be very expensive for the victim, since apps can be priced very high - some up to £80. In-app purchases also work. This is precisely why you should be prompted for your password on every app purchase and in-app purchase, but not all phones do so!
- Install a malicious app, such as the mobile Zeus trojan. This can then be used to steal banking credentials and email accounts. This seems to be gaining popularity on Android phones.
+1 for the first two points, as the OP assumes that they "dial a number and do whatever, and hang up". I know whatever is broad, but I'm assuming that is akin to talk to or listen to the call, and not Install arbitrary software.
For scenario #1 - which seems like the best answer, btw, is there any chance the phone owner can dispute / have these charges refunded? Do you have any links concerning this scam?
When I ran into some bad charges on my PAYG phone, it was very difficult to dispute them. It may be easier on contract, but I don't know. It's a YMMV thing. As far as links go, I don't have any atm (I'm using my tablet right now) but I can try to dig some yup later.