Your Old Phone Is a Scam Risk: How Criminals Use Recovered Data in Thailand

Where Scammers Get Your Data

Thailand consistently ranks among the highest in Southeast Asia for online fraud. While phishing and social engineering get most of the attention, a significant source of personal data is much simpler: old phones and laptops that were thrown away or sold without being properly wiped.

What a Discarded Phone Contains

A typical phone sold or discarded without a certified wipe still contains:

• LINE conversations and contacts
• Banking app sessions and saved credentials
• PromptPay registration details
• Photos of ID cards, passports, and documents
• Email access and social media logins
• WiFi passwords and network history

How This Data Gets Used

Recovered data is used for identity theft, unauthorised bank transfers, SIM swap attacks, social media impersonation, and targeted scam calls. A single phone can provide enough information to open accounts, apply for loans, or impersonate someone convincingly.

How to Protect Yourself

1. Never sell or donate a device without a certified data wipe
2. Factory reset alone is not sufficient (it leaves data recoverable)
3. Request a Certificate of Data Destruction as proof
4. Consider physical destruction for devices containing highly sensitive data

If you have old phones or laptops sitting in a drawer, they are not safe just because they are out of sight. Data remains accessible until it is properly destroyed.

Learn about personal data destruction services.