Tech Made Simple

Hot Topics: How to Fix Bluetooth Pairing Problems | Complete Guide to Facebook Privacy | How to Block Spam Calls | Snapchat Symbol Meaning

We may earn commissions when you buy from links on our site. Why you can trust us.

author photo

How to Tell if Your Phone Has Been Cloned

by Natasha Stokes on March 30, 2020

Our phones are the key to our digital identity, so it’s no wonder that mobiles have become increasingly attractive targets for cybercriminals, who have at their disposal a fair number of ways to hack a smartphone, some of which require more access and technical savvy than others.

Phone cloning – or the copying of the identification credentials a phone uses to connect to cellular networks – is one method that usually requires the perpetrator to have direct access to a device. That makes it less prevalent than, say, hacking an operating system vulnerability that hasn’t been updated, but the consequences are equal to that of most phone hacks – your personal data is exposed, with potential financial consequences or identity fraud.

What is phone cloning?

It’s worth distinguishing between “cloning” a phone’s data – which spy apps semi-legally offer as a way to spy on the photos, texts and calls of another device – and totally illegal phone cloning, which refers to the copying of a phone’s complete cellular identity and using it in another device.

In cloning a phone’s cellular identity, a criminal would steal the IMEI number (the unique identifier for every mobile device) from the SIM cards, or the ESN or MEID serial numbers. These identifying numbers are then used to reprogram phones or SIM cards with the stolen phone number.

Then there’s also the emerging threat of SIM hijacking, where hackers who have access to stolen phone numbers call up carriers and impersonate account holders to get a new SIM the hacker controls. This method, which relies on social engineering tactics to find out personal information that carriers use to authenticate customer accounts, differs from the highly technical method for SIM (or phone) cloning, but the end result is the same – to gain control over someone’s phone service.

Once the perpetrator has control of the phone line, they can send messages and make calls that appear to be from that phone number, with the bill footed by the victim. If a cloned phone and the original are near the same broadcast tower, it could even allow the perp to listen in on any calls made by the victim – though that’s probably not the main driver for phone cloning.

The bigger danger is that text messages and calls intended for the rightful owner of the line can also be intercepted – including two-factor authentication codes that allow snoops to get access to critical accounts like email, social media and even banking. (The vulnerability of text messages is one reason why experts recommend other methods of two-factor authentication.)

Phone cloners might also target political figures for surveillance: in February this year, South African state security ministers were reported to have had their cellphones cloned, the crime was detected when several people reported receiving text messages from a minister who hadn’t sent them.

Or, cloned phones might be used to generate revenue, sold to people who aren’t aware they’ve purchased a fraudulent handset with stolen credentials.

How phones get cloned

Most phones have SIM cards whose IMEI numbers are protected by secret codes that prevent over-the-air interception. But if someone is able to remove the SIM card and place it in a SIM reader for a few minutes, they can copy all its identifying credentials to load onto a blank SIM. (This technically includes anyone who might get time alone with your device – but as with phone spying, you’re likely to have an inkling if there’s anyone who might want to do such a thing.)

Researchers have also found a vulnerability in the existing protocol that is used for over-the-air carrier updates. Though rarely used, this flaw could in theory allow hackers to remotely clone a SIM.

Some older phones are more vulnerable to remote attacks. Those running on 2G or 3G CDMA frequencies, which are used only by the Sprint and US Cellular networks (Verizon retired its CDMA network at the end of 2019), broadcast to the operator in a way that would allow special equipment – like a femtocell – to eavesdrop on the connection and intercept handset ESN or MEID serials.

That means older CDMA phones, such as flip phones or 3G-only regular and smartphones, that are locked to either Sprint or US Cellular may be at a slightly elevated risk of remote phone cloning. All that said, however, phone cloning is not as common as it was in the early days of mobile phone use, when the radio frequencies in use were much easier to eavesdrop on.

6 Signs that your phone might have been cloned

If you think your phone might have been cloned, check for these signs which can indicate someone else is using your cellular service, such as:

1. Receiving an unexpected text requesting you to restart your device

This may be the first sign that your phone or SIM has been compromised – restarting your device gives the attacker a window in which your device is off and they can load their phone with your cloned credentials.

2. Calls or texts on your cellphone bill that you don’t recognize

Any outgoing texts and calls made on the cloned device will seem to be coming from your phone number – and land on your bill. Even if you don’t have an itemized bill, international calls will show up here, so keep an eye on your monthly payments and double-check when you pay more than usual.

3. You stop receiving calls and texts

If someone else has control of your phone number, calls and SMSes may be diverted to their cloned device, or your cellular connection stopped entirely. Check this by having a friend or your partner call you to see if the call rings and if it comes through to your phone.

4. You see your device in a different location on Find My Phone

Logging into Find My iPhone or Google’s Find My Device can be a way to check on the integrity of your SIM. If your phone’s on your desk, but on the map appears to be somewhere else, someone else may be using your cell service. (Chances are, phone hackers would disable this setting, however.)

5. You get a message from your carrier saying your SIM has been updated

If your credentials have been activated on a new device, your network provider will probably send a message confirming your details have been updated – a major red flag if you haven’t done anything. This can also be the point at which you find your device no longer has cellular service.

6. You’re mysteriously locked out of your accounts

You might even find someone has commandeered your email accounts and social media handles – as in a spat of Instagram hacks based on stolen phone numbers (in these cases, however, the SIMs were hijacked by attackers who had gleaned enough personal information online to fool carriers into switching over the SIM cards). Either way, someone having control over your phone service means they can do things like trigger a forgotten password, receive a two-factor authentication code to the phone number they now have access to, then change the password and access any account they know your login name for.

If the worst has happened and your phone has been cloned, you need to call your cellular provider. They should be able to detect and block the cloned device, because each handset has a unique radio fingerprint independent of that serial number that originally belonged to you.

Can you prevent phone cloning?

You can help protect your phone from this type of cloning by observing the same cybersecurity practices that keeps your online life safe:

  • Check that carrier texts are coming from legitimate numbers – for example, do they show up in the same message thread as previous carrier texts?
  • Train a skeptical eye on any text that requests you do something – are they worded in the way you would expect? What do Google search results have to say about the sender’s number?
  • Finally, treat your phone’s IMEI, ESN or MEID number like any other password - never send it to anyone or give it to any website you don’t trust.

Cloning isn’t the only way your phone can be compromised. If you have concerns about the security of your device, read our story on how to tell if your phone has been hacked.

[Image credit: phone hacking concept via BigStockPhoto]


Topics

Tips & How-Tos, Phones and Mobile, Privacy

Natasha Stokes has been a technology writer for more than 7 years covering consumer tech issues, digital privacy and cybersecurity. As the features editor at TOP10VPN, she covered online censorship and surveillance that impact the lives of people around the world. Her work has also appeared on BBC Worldwide, CNN, Time and Travel+Leisure.


Discussion loading

gravatar

From Tembs on February 24, 2022 :: 6:03 am


Hi.

My friend just messaged me on WhatsApp asking, why am I selling him cryptocurrency, when I didn’t.

Long story short, I asked him to send the said accounts number and it is mine. The profile has my DP on it, my name and my number, but it’s not me.

Mindboggled.

Reply

gravatar

From Pat on April 22, 2022 :: 2:24 pm


Experian sent me a message that my phone number was located on the dark web. I receive text msgs on my phone regarding porn, etc. I do not open these messages, just delete them. I’m wondering if the cloned phone can see my text messages, emails, contacts, etc. on my phone, and how can I protect my phone? Do I need to change my phone number?

Reply

gravatar

From Marco on May 08, 2022 :: 4:54 am


My wife iş receiving calls from her own number, which iş a common fraud trick here in Brazil. The weird thing iş that her number calling appears to her with the name İ gave it and under which I registered it in my contact list,a very peculiar öne with emoticons in it, no one could imagine. One would only know by accessing the contact list of my phone or my account in apps exhibiting those names (eg whatsappweb, maybe signal…)

Reply

gravatar

From A friend of a friend on May 30, 2022 :: 5:26 pm


Ok….my friend has her phone cloaned….pretty positive!  He has taken over her phone, Google acct, recording her thru her apps, he has been stealing from her, her elderly father, and now I need to know what to do to help her take control of the situation!  You can’t call her phone or send any sort of notifications b/c he gets it also!  She is a strait talk subscriber!!!!!  So, this is NOT her info, it’s her friends!!!

Reply

gravatar

From Tonya on June 14, 2022 :: 2:16 pm


My phone number is the only number on my ex boyfriends call logs but he never calls me. What is going on here and what do I do about it? Is someone else using my number like his new girlfriend?

Reply

gravatar

From GabrielaS on July 13, 2022 :: 6:10 am


I am pretty sure my iPhone was cloned, too. My iPhone was disabled one year ago with no reason, I had to download the software from the apple website again. I have had many signs that this happened. My assumption is that apple (the guy there) knew about it. Besides, I got the message below several times, as if I left and got into the country: “Die Bundesregierung: Willkommen/Welcome! Bitte beachten Sie die Test-/Quarantäneregeln; please follow the rules on tests/quarantine”

Reply

gravatar

From Josh Kirschner on July 19, 2022 :: 10:26 am


I’m assuming you’re getting that text message when you enter Germany. That is a standard alert from the German government about Coronavirus restrictions that all (most/many) travelers receive. It is not a sign of cloning or any type of hacking.

Reply

gravatar

From GabrielaS on August 04, 2022 :: 8:09 am


I got that message several times, AS IF I had left and got into the country.”

Except I did not leave and enter the country.

Reply

gravatar

From GabrielaS on August 04, 2022 :: 8:16 am


Some times, I tried dialling a number saved in my agenda, but it wouldn’t call, no reaction from my phone, tough I had coverage.

Other times, I would call someone several times, but they had only one missed call. Or I would call just once but they got several calls.

I would also hear echoes and other sounds like the beep one, as if some device was trying to intercept my calls.

Several times, I got calls back from people saying I had called them, which was not the case. They either was making it up or someone else did it with my number.
Lots of weird stuff…

Reply

gravatar

From Josh Kirschner on August 04, 2022 :: 5:03 pm


Spam callers will often spoof real phone numbers to make their calls seem less suspicious. So if someone calls you back saying they received a call from your number, that is likely the cause. It happens occasionally to me and other Techlicious folks, too. There’s no way to stop it, we just need the phone carriers to fully implement STIR/SHAKEN to stop this type of spoofing.

gravatar

From James on July 23, 2022 :: 9:46 am


My coworkers have tried to call me and at times they would get someone else. I restarted my phone every time it haven’t. I have an unlimited plan so I never felt the need to check my records. Side question I was trying to switch carriers and they us my IMEI number as my account number, but the number wasn’t the one for my phone. What’s going on there?

Reply

gravatar

From Josh Kirschner on July 25, 2022 :: 8:40 am


I’m surprised that your carrier would be using an IMEI as your account number. The IMEI is unique to each device, so every time you get a new phone it will have a new IMEI. So if this isn’t the same phone you had when you started the service, that would explain why they are different.

As far as your coworkers getting someone else, my first thought is always that they simply have the wrong number listed. But if it really is happening, perhaps (just speculating here) you turned your old device back into your carrier and they re-issued it to someone else. And if it is one of those really cheap carriers that tries to save money by forcing calls onto Wi-Fi when available, perhaps their operating system uses the IMEI to route calls to the device when on Wi-Fi and their records still have your number associated with your old IMEI.

I would be curious what the answer is here if you find out.

Reply

gravatar

From Andy m on September 22, 2022 :: 2:24 pm


Over the past few months, my huawei honor 10 has been playing up, freezing on various apps and either restarting itself, or me having to hold down the power button. On 6 different occasions over this timeframe, there have been numerous apps appearing, for instance phone clone, age of assassins, spiderman, various games, Facebook and insta, (none of which which i use). Also an unfamiliar light blue browser app. I uninstall them, run various security checks, I have changed my phone number, all my passwords several times. I have been running find my device, and on one occasion I sawa PC in China connected which I immediately kicked out. It appears that someone has acquired my imei number or something. Time for a new phone and sim!

Reply

gravatar

From Dave on October 26, 2022 :: 6:39 pm


I recently learned that my phone(s) have been cloned over a number of years.  Some guy named Travis who worked in either an ATT store or call center had been using my phones identity through each phone upgrade.  ATT help desk finally helped me and are pursuing this guy.  My weird text and odd phone call numbers have dropped significantly and I’ve already seen a pretty dramatic drop in my used data.

Reply

gravatar

From Charles Anderson on January 15, 2023 :: 8:35 pm


I have some unusual activity on my Galaxy A12 , and suspect cloning. Can my Expressvpn be used illegally on another person’s device, and how would I monitor such activity? I addressed this issue with ExpressVPN
Support, and the technician asked me
“What is cloning a phone?”
Am I just being too paranoid?
My wife and I recently had an identity theft issue, so I went to
Duckduckgo and ExpressVPN in an attempt at better security.
Thank you in advance for any assistance.

Reply

gravatar

From Josh Kirschner on January 18, 2023 :: 12:17 pm


ExpressVPN requires that you log in with your credentials to use it. So, even if somehow your phone was cloned, it wouldn’t give anyone access to ExpressVPN or other apps.

That said, a Galaxy A12 is a pretty modern device and it’s very unlikely for it to be cloned. It’s possible someone acquired a cloned SIM for your account through your carrier or via direct access to your device. What is the “unusual activity” you are seeing?

FWIW, there are a number of ways you could have fallen victim to identity theft. Neither using Duckduckgo nor ExpressVPN will help mitigate the majority of those threats. In fact, Duckduckgo may make things worse by including phishing sites in results that Google may be more efficient at weeding out.

Reply

gravatar

From How do you prove the phone was cloned on June 21, 2023 :: 5:40 pm


Is there any way to prove the phone was cloned?
Is there any way to catch the person that cloned the phone.
how do you prove to law enforcement that it is not you sending those messages?
How would I go about catching the person that??
Is there any way to catch them?

Reply

gravatar

From Rachel menuey on July 06, 2023 :: 7:44 am


Been spoofed,  ghosted, and hacked, by [names redacted].  From burned phones. Leaks on all social media sites cause they made fake pages of me.

Reply

gravatar

From MrmrsThomas Mt on July 06, 2023 :: 4:08 pm


Is my phone cloned when there is dubble of every app

Reply

gravatar

From Josh Kirschner on July 06, 2023 :: 5:23 pm


Certain phones - Samsung, OnePlus, Xioami - allow double or “cloned” apps. However, you have to enable this and approve each duplicate app manually. What seems more likely is that something became corrupted in your operating system causing Android to not recognize the apps on your device and it downloaded them a second time, as a result.

If you back up everything on your phone and do a factory reset, I would bet it resolves your issue. But let me know if it doesn’t.

Reply

gravatar

From John on July 19, 2023 :: 5:19 pm


I encountered the same problem. How are you dealing with it ?

Thank you

Reply

gravatar

From Andrew on July 31, 2023 :: 8:49 am


Hi!
I have noticed that I get IMEI number for my phone number in following format on my Android phone:  ××××××××××97/01. What does “/01” suffixed to “××××××××××97” mean? Does it mean that this IMEI number belongs to only one handset, that is, my handset or does it mean that there is one more handset having my phone number’s IMEI number?

Reply

gravatar

From OMMFG on September 01, 2023 :: 11:23 pm


With SIM cards used for the past 4 or 5 years now, there is no way to clone a phone! Fact! The ONLY way for someone to steal your phone number to to get a new SIM card from your carrier and they would have to know your account information as well as your security code/pin. Then they would also have to change your email, mailing address… Then when they have done that, your SIM card is deactivated when the new SIM is activated on whatever phone they are using. However, you would only need to call your carrier (can even use your deactivated phone to do this) and prove who you are by giving them the correct info, and then they will send you a new SIM. Then you make sure you have changed your security info with the carrier, and this is over. Takes less than an hour from the time they activate the SIM to you getting it deactivated and your account back. You just have to wait for the new SIM or go to a local branch to get it then and there. So other than the short term and the possible accounts that they may have accessed during that hour, the ordeal is over and would be very, very hard for them to do it again.

Now if someone has physical access to your phone and is able to login to it, then there are tons of apps that can be installed that will spy on what your do on your phone and they can even get your passwords and other security information and well as see who you text, message, what you send, who you call, and what images you take see and websites you visit. They can see who you call, but most of the time, they cannot hear who you talking to. These apps can use the mic on the phone to listen to you, but they cannot hear what the other person is saying, unless the speaker is loud enough for the mic to pic it up. They can also send audio to the phone, track it, and more. However, without the phone being rooted (and you would know if your phone was rooted) all you would have to do is a simple factory reset, Google does not backup third party apps, only the ones from the Play Store, and then you can restore almost everything you need from Google. Make sure to change your passwords right after factory reset and then you are golden. There is no need to go out and spend money, to hire people, or get that friend to help you do this or that to help you hide, unless its a physical thing and then, please call the police get help however you can, get a gun, whatever you need to do to protect yourself. Resetting your phone is really easy, just make sure that you have ran a backup and that you check that your pictures are backed up using the Photo’s app, such. You can find all of the easy to follow steps on Google’s help pages on how to back up your MMS images and how to do the Factory reset and how to change your password. Also, you can install Malwarebytes on your phone, and Avast, for free and they will scan your phone. They are pretty good.

As for all that talk about groups of people out to get you and all of that, that several of you believe to be happening, that is a real mental illness and you really need to get help before you hurt yourself or someone else.

Reply

gravatar

From PV on October 04, 2023 :: 4:31 pm


Screenshot everything that’s happening record your screen! Change all your passwords use a password app reset every device in your house turn everything off and reset everything and change providers and then turn everything back on after you’ve reset everything to brand new do not open any old emails that you were using previously they set roots in every wireless device in your house and reconnect to your new devices as you bring new items home like telephones! it happened to me too. It destroyed my life in my business sheriff and FBI did nothing to help me. You have to take care of yourself by yourself a premium Geek Squad account and take your devices in and have them clean and never use the same password over and over.

Reply

gravatar

From Lil Lady 73 on December 06, 2023 :: 5:00 am


I have been experiencing people knowing my personal business/activity threw texts and conversations 8 have had on the phone when they are not even around. Is it possible for others to receive copies of my text messages? Also, I am receiving text messages from numbers I associate with but what is being said in the texts sometimes do not sound like something they would send, or would say in the texts. Also it seems as though some of ...a lot of the texts I’m receiving I have received in the past from other people I have had conversations with in texts. I also received a text or call from my boss and if I do not respond, I will receive a call or text from another one of my contacts number but once I respond to my boss, I do not receive any more texts or calls from my other contacts numbers. What is going on.

Reply

Read More Comments: 1 2

Home | About | Meet the Team | Contact Us
Media Kit | Newsletter Sponsorships
Accessibility Statement
Terms of Use | Privacy & Cookie Policy

Techlicious participates in affiliate programs, including the Amazon Services LLC Associates Program, which provide a small commission from some, but not all, of the "click-thru to buy" links contained in our articles. These click-thru links are determined after the article has been written, based on price and product availability — the commissions do not impact our choice of recommended product, nor the price you pay. When you use these links, you help support our ongoing editorial mission to provide you with the best product recommendations.

© Techlicious LLC.