iPhone PIN Scam Can be Used to Steal Google Account on Android — What You Need To Know

Having your phone stolen is bad enough, but as the Wall Street Journal recently reported, iPhone passcode theft has become a real-world fraud pattern: a thief who has watched you type your passcode can take over your Apple ID along with the phone. Something very similar can happen to people using the best Android phones.

If you are not familiar with this scam, it goes something like this. Thieves watch a mark in public until they see the PIN used to unlock the iPhone, then steal the device outright. With the phone in hand and the passcode known, they change the password on the victim's Apple ID and sign out the victim's other Apple devices, cutting the owner off from the account.

Worse yet, some thieves have learned to turn on Apple's Recovery Key feature for the stolen account, leaving the legitimate owner unable to recover it.

Now a new report from 9To5Google warns that a similar scam is possible on Android devices, because a lock-screen PIN is all that is needed to change the password of a Google account signed in on the phone.

In a recent tweet, freelance editor Mishaal Rahman explained how this is possible: an option in Google Account settings lets a user change the account password by entering the device's lock-screen PIN.

The reason this mirrors the iPhone passcode scam is that Google lets a user change the account password using only the screen lock, provided the request comes from a device that is already signed in to the account.

What makes this particularly serious is that there is no verification beyond the screen-lock PIN. Google does ask for the current password first, but that prompt can be bypassed by tapping "forgot password" and choosing the option to use the screen lock instead. If this sounds familiar, it is similar to the Android lock screen vulnerability discovered last October.

Fortunately for Android owners, thieves are more likely to target the best iPhones because of their popularity and high resale value. In a video The Wall Street Journal posted on its YouTube channel, a police sergeant said that 99% of the incidents his department sees involve iPhones.

To keep your PIN from being watched in public, unlock your Android phone with biometrics such as a fingerprint or face instead of typing the PIN. You will still be asked for the PIN from time to time, for example after a restart or when the fingerprint reader fails, so shield the screen when you enter it.

The PIN itself can also be made stronger. Android accepts a PIN as short as four digits, but you can set a longer one that is harder both to guess and to shoulder-surf. On a Pixel phone such as the Pixel 6a, for example, the PIN can be up to 17 digits long.

If you want the best protection Google offers, look into the search giant's Advanced Protection Program. It requires two security keys to protect your account, and it removes the option to change your Google account password using your phone's screen lock.
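To make the difference between the two recovery behaviours concrete, here is a small Python model of an account-recovery rule set. It is written for this article, not taken from Google; the factor names and the exact factor sets in each policy are assumptions of the example. It shows why a reset path that accepts the device screen lock alone is satisfied by exactly what a thief holds after the scam described above, the phone and its PIN, while a policy that requires a security key kept off the phone is not, and it gives a check you can run against any such rule set.

```python
from dataclasses import dataclass
from enum import Enum


class Factor(Enum):
    """Proofs a recovery flow can ask for (assumed set for this model, not Google's)."""
    CURRENT_PASSWORD = "current_password"
    DEVICE_SCREEN_LOCK = "device_screen_lock"  # PIN/pattern typed on an enrolled device
    SECURITY_KEY = "security_key"              # FIDO hardware key kept off the phone


# What a thief holds after shoulder-surfing the PIN and taking the phone:
# the enrolled device and its screen lock, and nothing else.
STOLEN_PHONE_WITH_PIN = frozenset({Factor.DEVICE_SCREEN_LOCK})


@dataclass(frozen=True)
class RecoveryPolicy:
    name: str
    # Each entry is one way to prove control of the account; any one suffices.
    accepted: tuple

    def allows_reset(self, presented) -> bool:
        """True if the presented factors satisfy at least one accepted set."""
        presented = frozenset(presented)
        return any(req <= presented for req in self.accepted)

    def paths_open_to(self, attacker) -> list:
        """Accepted factor sets an attacker holding `attacker` can satisfy."""
        attacker = frozenset(attacker)
        return [sorted(f.value for f in req) for req in self.accepted if req <= attacker]

    def resists(self, attacker) -> bool:
        """True if no accepted set is fully covered by the attacker's factors."""
        return not self.paths_open_to(attacker)


# Modelled after the flow in the article: "forgot password" offers the
# device screen lock as a complete substitute for the current password.
DEFAULT_POLICY = RecoveryPolicy("default", (
    frozenset({Factor.CURRENT_PASSWORD}),
    frozenset({Factor.DEVICE_SCREEN_LOCK}),
))

# Modelled on Advanced Protection: a security key is required, so the screen
# lock opens no path. The exact factor set is this example's assumption.
ADVANCED_PROTECTION = RecoveryPolicy("advanced_protection", (
    frozenset({Factor.SECURITY_KEY}),
))


if __name__ == "__main__":
    for policy in (DEFAULT_POLICY, ADVANCED_PROTECTION):
        print(policy.name, "paths open to a thief:",
              policy.paths_open_to(STOLEN_PHONE_WITH_PIN))
```

The check that matters is `resists`: for every accepted factor set, at least one factor must be something the thief cannot obtain from the stolen device. Under the default policy the screen-lock path fails that test; under the security-key policy nothing on the phone is enough.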

We also recommend installing one of the best Android antivirus apps, as many include device tracking and other premium features that can help you recover a stolen phone. Some, for example, can photograph whoever is holding the phone and save the image to help identify the thief later.

While we often worry about cyber threats such as malicious apps and mobile malware, we should not forget that threats exist in the physical world too, and as this case shows, the digital and physical worlds can collide.