It was a bad night, and I can only remember bits and pieces. I was out with my friends in Shoreditch, an east London neighbourhood known for its artisan coffee, vintage shops and warehouse raves. At 3am, I stumbled out of one of these establishments, alone in the cold rain, stoned on whiskey and coke, praying for an Uber to turn up and take me home. But the app kept taunting me with phantom drivers who were always a minute away but never arrived. That’s Uber today, the ride-hailing lottery.

I have only a vague memory of what happened next: I was sitting on a curb, a white car drove up, I submerged, passed out and woke up in bed the next morning. That’s when I realized something was wrong.

My phone had no signal and told me I didn’t have a SIM card. I realized that my phone was actually missing the SIM card. Then I thought about my money.

Nothing gets the adrenaline pumping like a call to a bank representative with bad news. As he rattled off the litany of pre-dawn supermarket and casino charges, my horror gave way to a grudging sense of awe: How had a criminal managed to spend five grand (all my money) in less than half an hour at 5 a.m.? The irregularity of the purchases made it clear, at least to me, that this was the work of a criminal. I would surely get my money back by noon.

But the bank disagreed. The nature of the incident, they explained, left no doubt: it could only have been me who spent all that money in those sleepless supermarkets and casinos. The purchases were made through my banking app, with my Face ID or my password. The theft of a SIM card was not enough, they insisted. That’s why they refused to refund me the money.

I was outraged, but also felt guilty—how careless I had been to pass out in that taxi, at the mercy of this man I could no longer imagine, the man who must have stolen my SIM card while I was drooling on his car seat.

With the bank shut down, I had no choice but to go in search of my missing SIM card. Weeks later, I stuffed a pile of spreadsheets, maps and bank letters into my backpack. I hopped on my bike and headed to Wembley, following digital breadcrumbs and clinging to the vague hope of getting my money back from the ghost who had stolen it.

At this point, I was convinced it was the taxi driver. Here’s what I think happened: In a stroke of drunken genius, I jumped into an unappable, unmarked taxi. It could have been anyone’s car—I was too drunk and exhausted to care. Unbearably, this left me with no direct digital trail to lead me to the thief. But the driver took me home. Then I saw evidence in my email that an Uber had been summoned to my door shortly after I went to bed while I was in a coma.

The thief or thieves had managed to access my Uber app using my stolen SIM card, so either the taxi driver had decided to be a passenger for once or he had accomplices.

My Uber receipt showed that he or she had driven to the 24-hour Asda in nearby Park Royal, where £2,500 of my money had evaporated in £250 increments. There was no way, I thought, that could have happened without facial recognition or at least my bank card – which I didn’t have on me that night. Unfortunately, my bank couldn’t verify the purchases.

At Asda, I asked the sales assistant for the video footage from that night. As she walked over to her manager, I looked around. It’s a huge supermarket that sells everything from cheap sweets to garden furniture. A perfect place for a night of shopping. I would go there too. But maybe I did.

I was terrified at the thought that the bewildered store manager would return and greet me with the familiar words, “It’s good to see you again, sir,” and then confront me with irrefutable video footage from that night of me drunkenly stumbling down the aisle with a microwave under one arm and some couch cushions under the other.

The saleswoman came back with her manager. They would find the CCTV footage and update me. Then I got back on my bike and set my sights on the Silvertime Casino in Wembley. My Uber app told me the thief had gone there next at 4:43am before the trail went cold.

As I cycled through these streets, a clearer picture of the thief became clearer. From what I could remember, he was South Asian, like me. He was probably born and raised in this area.

I walked through the casino doors into a dark, 24-hour soul-stealer, a few dead-eyed phantoms tapping away at screens. It was here that I had spent the rest of my money and withdrawn even more cash in bulk.

I’m still not entirely clear on how the scam worked. Somehow the thief had access to my phone number via my SIM card in his phone and was therefore able to receive all my calls and texts. All the two-step verification codes sent to me by my bank went to him, allowing him to immediately log into my online banking and authorize a flood of extravagant transactions.

Banks and phone manufacturers would never admit that this technology was so vulnerable – it would be corporate suicide. The technology must be infallible – they have staked everything on it.

Meanwhile, the casino employee said they would get back to me after reviewing the CCTV footage. Then came the purgatory: months of waiting and then more stalling. Both Asda and Silvertime refused to release the CCTV footage without a case number, but according to the bank, no crime had been committed, so it was impossible for me to get one or, as a result, police assistance. I exchanged appeals, letters and phone calls with the bank. Then the case was closed.

It could have been over, but then I read a story in a national newspaper about a woman whose phone and bank card had been stolen from her gym locker. The thief went on to commit a similar spree – and her gym is less than a mile from my home. I contacted her publicly on X, my post got noticed and soon a journalist contacted me.

During our call, the journalist explained that a pattern was emerging. Cases of this scam were cropping up in west and northwest London. When I mentioned Silvertime Casino, he paused. “Ah,” he said, “this place is very popular with those who commit this scam. It has been used in several cases.” The scammers stole phones and SIM cards, accessed people’s bank accounts, and then ended up at Silvertime, where they were able to withdraw large sums of cash. Casinos are used to handling large transactions; they usually have ATMs or cash desks that allow withdrawals via mobile banking apps.

How did the journalist know all this? Because other victims had told him, including a customer of my bank.

Armed with this information, I called my bank’s fraud department again. I asked them directly if they knew that another Silvertime customer had had money stolen. Silence. I continued because either they didn’t know, which would be a serious oversight for a fraud department, or they did know and were using it to prove my innocence.

The representative apologized diplomatically and promised to contact me in a few days. I was refunded my money the next morning and I’ve tried not to think about the whole sad mess until now.

As technology evolves, so do scammers. In this game of cat and mouse, citizens are often unsuspecting victims. I don’t have all the answers, but I strongly advise you to SIM lock your phone so a thief can’t use it.

Stay alert, stay informed and definitely don’t faint in the back of a taxi.

HOW TO PROTECT YOUR SIM CARD

If you enable a SIM PIN, you will need to enter an identification code each time you use your SIM card in a new device. To do this, follow these steps…

• Go to Settings and then Mobile Services.
• Scroll down and activate the SIM PIN.
• If prompted, enter your SIM PIN. If you haven’t created one yet, your network operator will set one automatically. Check the customer service page or call to get the PIN.
• After entering your SIM PIN, click “Change PIN” and create a new PIN.
• Remember this PIN – you will need it to unlock your SIM card when you get a new phone.