CHICAGO (CBS) -- Remember how awesome it was to get your first paycheck?
A teenager in Illinois had that very excitement drain from his face when his bank account also drained. Then he made another stomach-dropping discovery.
CBS 2's Lauren Victory explained Monday how to protect the keys to your personal information in your cellphone.
"I sold some clothes like supreme hoodies and Nike Jordan shoes," said Desmond Thomas.
Thomas also grew his nest egg by working at Six Flags in Georgia.
"Putting in long hours, saving it," he said.
But suddenly, he found a sizable sum start to disappear from his checking account. A total of $12,645 was drained away in transactions from huge Apple cash payments to an entire page of withdrawals that he had nothing to do with.
Thomas' statement the next month showed 2 cents left in his account.
"I saw it happened, so I called the bank," Thomas said.
How his money disappeared is still unclear. We are not naming the bank involved because honestly, we don't know what happened.
What we do know, as we found out while continuing to pull this story apart, is something mysterious on Thomas' phone deserved further exploration – a calendar filled with nonsense.
"I was like, what? What's this?" he said.
His phone settings showed calls being forwarded to another number that Thomas swears he does not recognize.
"I never contacted it," he said. "I don't know."
In such a scenario, cybersecurity expert Jeremy Hajek advised, "Factory-reset everything - start again."
Hajek confirmed something was not right when he analyzed screenshots from Thomas' phone.
"Click on this to delete it and you don't know what's on other side," Hajek said. "Now these are what we call phishing attacks."
You normally hear phishing attack scams affecting computer users, but they can affect mobile devices too.
"In iOS and Android, there are applications masquerading as malware," Hajek said.
Malicious phone apps can be installed accidentally, or perhaps they are downloaded by someone else. All it takes is setting your device down.
"If I have access to your phone, I can do anything with the information," Hajek said.
The Illinois Institute of Technology professor explained your contacts, calendar, banking details, and other sensitive information are all up for grabs.
"It's a digital twin of your life that someone can pick up and know everything about you," Hajek said.
Your best defense, he said, is to use face-recognition and/or pin numbers to lock your phone. You should use the same to access apps with sensitive details.
The cybersecurity expert warns against keeping passwords stored in your email. He also stresses the importance of two-factor authentication.
Thomas' bank continues to investigate how his money disappeared.
for more features.