When grocery shopping earlier this evening, a young man in his 20's in a hooded sweatshirt who looked incredibly high and/or mildly intellectually disabled approached me in the bread isle to ask to use my phone. When I inquired about the reason, he informed me it was to contact his mother. Without thinking an excessive amount, I unlocked my phone, opened the dialer, and handed it to him.
While the call was being placed, I remained within an arm's reach prepared to trip him if he attempted to bugger off. He appeared to dial a number, hold the phone to his face for a few moments, and then made a combination of three taps and window swipes before handing it back and expressing appreciation.
Shortly after the encounter, I ran a malware scan, and nothing was detected. There was also no record of the alleged call the person made, so I assumed he must have deleted the call log. Additionally, no new apps were installed, and I have my phone set to only allow Google Play app downloads and not automatically download SMS messages. There were also no anomolous records in sent folders of email apps or new entries in my browser history, and I was logged out of all financial apps, which have double layer protection enabled.
For all I know, he could have called a drug dealer or actually phoned his mother, but all sorts of scams outlined in Google search results have me reeling at the moment. Do any resident cyber security specialists have suggestions other than asking people to use the store phone in the future? Should I be looking for additional signs of tampering? Thanks in advance for any advice.
[Edit:] I just researched info regarding USSD codes that can be entered into a phone's dialer app to acces certain settings, device cloning, and about USB rubber duckies and how phones can be converted into them and used to harvest data that can be used to hijack an active service plan and/or circumvent 2 step text message security verification measures.
If the aforementioned person had a modified phone in his sweatshirt pocket, a data transfer could have probably happened in a matter of seconds with very few taps and swipes. It's truly frightening to consider what a con person could accomplish by borrowing a phone.