How (Not) To Hide Your Key While Surfing

How (Not) To Hide Your Key While Surfing

Meanwhile in the US...

A cautionary tale and helpful security tips from a man who lost it all. 

Editor’s note: A member of Stab’s US team recently had their wallet and car keys stolen while using the leave-they-key-in-a-towel-on-the-beach-because-it’s-so-obvious-no-one-will-suspect-it theory. Turns out, at least one person was stupid (smart?) enough to suspect it, and they made out with $43, a condom from 2007, and nearly every valuable piece of plastic in this person’s life. 

Two days later, a piece from Anders Samuelson arrived in our inbox about a similar situation, which led us to believe that this is a fairly common occurrence in surfing (perhaps more so than any other hobby, given the necessity to enter a body of water often out of eyesight from your vehicle). So for the sake of saving our audience time and money, we decided to post Ander’s article on the topic of hiding your key while surfing — the first rule of which is NEVER hide your key while surfing. Go figure. 

(ANDERS SAMUELSON)

On the evening of March 7, 2024, I got out of my faculty meeting at approximately 4:30 p.m. and beelined it from Culver City, up the PCH to Topanga, where I had a gut-feeling the wind was about to swing offshore for the last hour-or-so of dreary daylight.

It had been raining on and off all day, and as I passed Will Rogers, the light over the Pacific had gone that distinct, post-rain shade of washed silver. By the time I got to Topanga, the wind had gone fully offshore. It would be dark in an hour, and it would be back to lake-like by morning, so I threw my wallet and phone into my glovebox, put on my suit and booties, and carelessly hid my key under a nearby rock that I knew would be able to identify in the darkness. 

The crowd was light and the surf was fun. The recent rains had been substantial, and with the sand funneling out of Topanga Creek, the wave had turned into a bit of a novelty, sand bottom point. I’m from Maine originally, and coming from the northeast, these are the surfs I love most in LA: evening wind swells with light crowds.

Just before dark, I got one more good one, and then made my way across the cantaloupe-shaped cobbles that line the inside. I was sated; I could drive home in peace. The afternoon’s faculty meeting felt decades away. What a miracle surfing is. These are the thoughts I was reflecting on as I stood in the showers, looking out at the smudge of horizon, and the five-or-so souls still in the water.

 

When I got to my rock, the one I would be able to identify easily in the darkness, I saw that it had been moved, and in the small cavity that the rock had left, there was nothing but dirt. Oh no. I walked the fifteen or so feet to my 2010 Honda Fit, and through the un-tinted passenger-side window, I could see that whoever had found my key, had opened my glovebox and taken my wallet and phone. My extra board was untouched, as was my $350 spare wetsuit, and my wedding ring, which I used to leave in my cup holder. (Thank you, thieves, for not taking that.) Just the wallet and phone were missing. So there I was, fully suited, soaking wet, locked out on the PCH, watching the neon fish on the Reel Inn sign jump endlessly after another. For once, I was jealous of the hundreds of oblivious Tesla-drivers making their way home to Santa Monica or the Palisades, with their heated seats, and their wallets and phones tucked safely away in their center consoles. 

 

True to form, despite the darkness, and the breezy, post-rain weather, a few of the Topanga lot diehards were hanging out at the top of the stairs keeping a weather eye on the surf, so I walked over to ask if they’d seen anything suspicious. Shamefully, I forget the guys’ names, but they gave me a towel and a beer and told me they were, “…so fucking sick of these guys coming around and taking people’s shit.” Amen. Just another reason to respect the locals; they’ll help you out when you actually need help. 

This next part is boring, but it will sound familiar to many readers: I borrowed a phone, my wife came and picked me up, I got home, showered, flagged the fraud on my cards, called my bank (but couldn’t verify my identity because my phone was gone and thus I couldn’t verify text codes… Jesus Christ,)  started ticking through the thousand other headaches I knew I was about to be dealing with, grabbed my spare key–thank God I had one–called a Lyft on my wife’s phone, got back to Topanga, retrieved my car, and drove home cursing the thieves who’d taken my things, and my own, Maine-raised naivete (or stupidity…tomato tomahto.) 

Anybody who’s dealt with this nightmare knows intimately the maddening process that came next: file a police report, change your passwords, change your pincodes, check your Airbnb account which you’re probably auto-logged into on your phone, check your PayPal, check Venmo, check Fidelity, check Coinbase if that’s what you’re into, the list goes on and on and on…and on. We’re all prisoners in this digital world. 

The kicker for me, and many other unfortunate people I’ve spoken with, is that the people who robbed me were somehow able to get into my bank account where they wreaked havoc withdrawing money, and even transferring money from my savings account into my checking account before my bank finally, $5,624 later, realized something suspicious was happening. How they pull this off is still a bit of a mystery to me, but the point is, if they have your phone and wallet, they have the keys to your life’s castle… I’ve heard a couple reasonable theories here: 

Theory 1: If you have a simple (or to put it bluntly, stupid) passcode, which I did, on your phone, they can put baby powder on your screen and lightly shake the device to see where the powder collects. If it concentrates on a certain key, or certain keys, they’ll try that key, or combination of keys, and in some cases, bingo. (When I heard this theory from the officer to whom I reported my lost items, I was convinced that this was what happened to me, but then there were some other things that just didn’t line up… mainly, why didn’t they go into my Venmo? Why didn’t they change my Gmail password or AppleID? Etc. etc.) 

Theory 2: I heard this one from a friend who dealt with the same situation during the early days of the Pandemic up by Zeros. He told me to check my outgoing call log as he’d found that there were dozens of calls made from his phone number to his card companies and to his bank. I’m a bit of a luddite, so I’m not sure exactly how it works, but there’s a relatively simple sounding scam these people pull-off in which they “SIM Swap,” call your cell provider, pose as you, and ultimately take control over your phone number which then allows them to verify all those texts that come through asking if you want to verify transactions, authorize withdrawals, etc. 

Again, I know very little about the technical side of all this, but I have gained a few useful tips and insights that I would love to share with the Stabcommunity, because, while it’s easy to get pissed off at the guy next to you in the water, when shit hits the fan, it’s important to remember that we’re all generally good people, just trying to get a few good ones before we have to go home, make dinner, and get up in the morning to go to work and do it all again: no one deserves this mess. So, from one surfer to another, here are a few tips:

1. Absolutely never hide your key. Ever. 

The guys pulling these jobs are slick. No matter how good your “spot” is, it’s vulnerable. I have an old car with manual locks and given that they took my key–bastards–I had to get all my locks replaced ($450). David, the man who helped me at Advanced Lock and Key – great dude btw – told me he sees this all the time and that the thieves have all the lots staked out with all sorts of eyes watching at all times. The watchers communicate key locations to the thieves, and bingo bango, they’re in and out before you’ve even gotten your first wave. (And then they’re off to Apple, Best Buy, Nordstrom Rack, and in my case, Louis Vuitton… Later on, when I had to build my fraud case, the whole thing could have been dealt with if they’d taken one look at my belongings as they surely would have realized, “Yeah, this guy’s not shopping at Louis Vuitton…”) Again, every victim will attest to this, they steal your key to delay you, so for peace of mind, I wanted to get my locks changed… Remember, they have your license, so they have your address, and they know your vehicle, so theoretically, they could swing by your car at any time. So don’t hide your key. Period. 

2. Lockboxes won’t save you… WEAR YOUR KEY!

These things get pried open all the time; just ask around… Maybe there are better options than that standard one that everyone has that always gets jammed, but as the discovery of fire taught us, and the Industrial Revolution reminded  us, “necessity is the mother of invention,” and I’d put money on the fact that these thieves will find ways to bust into whatever new lockboxes come onto the market. As far as I can tell, the only truly safe bet is to get a valet key that you can wear around your neck on a shoelace and take into the water with you. For some reason I’m always skeptical of the key pockets on wetsuits as it’s just the flimsy piece of sometimes sun-rotted neoprene thread that’s holding your key in that outside calf pocket, but even so, if you lose your key out of that pocket, it’s safer on the bottom of the ocean than it is in a bush, up a wheel well under some plastic flap, in some wadded up dirty underwear in your truck bed, or in a lockbox. 

3. Create a multi-digit passcode for your phone. 

This one is simple. The aforementioned “sifting the baby powder around on the screen” trick sounds pretty compelling to me, so better safe than sorry. 

4. Strip down your wallet and only carry the essentials. 

This is a big one. When my wallet was taken, I realized I kept way too much stuff in there: semi-important receipts, gift cards, etc. All you really need at any given time is a credit card and a license. My central recommendation on this piece is to leave your debit card in a safe place at home. I bank with a different bank than my credit cards are associated with, so theoretically, had I not had that bank card in my wallet, there’s a chance they wouldn’t have been able to get into my bank account before I got home to call the bank. I think having the physical card with the card number and customer service number right there makes their (the perpetrator’s) life significantly easier. If you ever need cash, take your card to the ATM, withdraw cash, and then put it back in its safe spot. Likewise, leave your other random credit cards from college and airline promotions in that same secret Altoids box with your debit card. 

5. Make sure you have a security word with your bank.

I can’t believe this line of security doesn’t automatically exist with banks and their customers, but when I was sorting through this wilderness with my bank, I simply asked the representative if there were any other measures of security I could take to ensure I never had to relive this nightmare. “Well you can set up a security word,” she said. Again, I can’t believe I had to ask to do this, but be proactive and do it. And make sure it’s not a word that’s in your wallet, on your phone, or on a sticker on your car. 

6. Find a good hiding spot in your car for your phone and (stripped down) wallet.

This may seem like overkill, but I sort of feel like it’s only a matter of time before people start smashing windows (more than they already are); especially in the less trafficked zones. If this is the case, you’ll want to ensure that your items are tucked away somewhere that won’t be obvious if they ransack your stuff. 

7. Put some decoys in the glovebox.

Again, it sounds like overkill, but as far as I’m concerned, some overkill is worlds better than two months of customer service purgatory and potentially thousands of dollars gone up in smoke. Find an old wallet and an old phone and throw them in your glovebox. If they’re stolen, it’s no big deal. 

 

In closing, as any victim will tell you, the credit card companies are generally pretty easy to deal with, it’s the bank accounts where things can go completely sideways. For me, the number was just under $6,000, which, as a teacher, is about what I save in a year, or as much as my honeymoon to the Telo Islands cost last year.  That was a major dagger to consider, (big shout out to Kai and the folks at Latitude Zero) but I’ve spoken with other people who have lost as much as $12,000 in these debacles. The reality is, whether it’s $500 or $12,000, for most of us, it’s hard-earned, often vital money, and therefore, it’s an absolutely devastating situation to find oneself in: it’s emotionally draining, logistically complicated, and just generally infuriating, so consider these tips, be vigilant, and good luck out there, folks.

Thank you to the locals keeping an eye on things, Brenda at my bank, and my lovely wife, Lucy, for letting me use her phone to make about 200 customer service calls in the days I was without a phone, and being a general source of light during an otherwise dark, helpless feeling chapter. 

8. Be careful before changing your phone number. 

In my panic state, I changed my phone number. I still don’t know if that was the smart move, but the guy at the AT&T store said it, “…seems like a smart thing to do,” so I, potentially rashly, changed mine right then and there. I just figured it would eliminate the potential for further exploitation of my “assets” via my phone number. Anyhow, changing your phone number is a big deal as in 2024, our whole life is more or less dependent on two-step verification with phone number. I spent hours untangling this mess, updating my phone number on dozens of apps, and I’m still not even sure it was necessary, so I would consult a more knowledgeable source before going ahead and changing your phone number. This is especially true with Gmail. I learned a lot going through this process. One lesson I learned is that it’s basically impossible to get a human Google representative on the phone, so if you’re going to change your phone number, make sure you update your default Gmail phone number before you officially change your number as it’s virtually impossible to do this retroactively. Again though, definitely look into this on your own before you go ahead and do anything rogue. 

9. Always have a spare key somewhere safe at home. 

Whether you lose your key out of your wetsuit, or you get taken on this whole run-around, it’s worth dishing out a few hundred dollars to have an extra key in case you need it. It’s a peace of mind thing that could save a massive headache down the road. 

If they do get you, here are a few other items to consider. 

I know different banks operate on different policies, but based on my experience, and anecdotal evidence from other victims, here are a few measures you should take to get your money back: 

  1. File a police report and get the case number and officer’s name. They’ll just give you a piece of paper at the scene, but if at a later date you need the full report, you can drive to the station, give them the case number, and for about $30, get a printed out report that will help your case. 
  2. Get your outgoing call log and see if calls were made to banks and/or other unknown numbers during that time frame.
  3.  Write a letter to your bank breaking things down on a granular level. (I.e. “At approximately 5:30 p.m. I parked on PCH. At approximately 5:40 I placed my key in x spot and entered the water. At approximately 6:45 I got out of the water…” you get the idea.) In your letter, make sure to include that call log and explain how you–as the police report will confirm–were not in possession of your phone at that time, and therefore, it was not you who authorized those transactions. Tell them it’s, “…an affront to your honor” that they’re essentially accusing you of trying to hustle them. It is. 
  4. Find a kind, human employee at your bank to be your point person as you navigate the whole process. There are some tough customer service representatives out there, but there are also some absolute legends such as Brenda who helped me. In short, the machines are useless, the humans will get the job done. 

In closing, as any victim will tell you, the credit card companies are generally pretty easy to deal with, it’s the bank accounts where things can go completely sideways. For me, the number was just under $6,000, which, as a teacher, is about what I save in a year, or as much as my honeymoon to the Telo Islands cost last year.  That was a major dagger to consider, (big shout out to Kai and the folks at Latitude Zero) but I’ve spoken with other people who have lost as much as $12,000 in these debacles. The reality is, whether it’s $500 or $12,000, for most of us, it’s hard-earned, often vital money, and therefore, it’s an absolutely devastating situation to find oneself in: it’s emotionally draining, logistically complicated, and just generally infuriating, so consider these tips, be vigilant, and good luck out there, folks.

Thank you to the locals keeping an eye on things, Brenda at my bank, and my lovely wife, Lucy, for letting me use her phone to make about 200 customer service calls in the days I was without a phone, and being a general source of light during an otherwise dark, helpless feeling chapter. 

 ( www.stabmag.com )

Back to blog