For most of us, our phones are the center of our daily lives, and as a result, they contain a treasure trove of personal information, from banking details to messaging and email accounts. This sensitive data can be pretty enticing to a range of the nefarious, from cybercriminals to someone you may even know.
Phone hacking can involve the unknowing download of spyware that relays information on your activity – such as logging keystrokes to scrape passwords; spy apps downloaded by someone with access to your device; or other malware that exploits your phone, for example by using its internet bandwidth in a botnet, as occurred with malware that infected nearly 20 million Android devices.
“The most common way that smartphones can be hacked is to infect the device with malware,” says Victor Chebyshev, a security researcher at Kaspersky Lab. This malware can arrive on the device buried inside apps downloaded by the user – and the likelihood of a malicious app rises when downloading away from the official app stores, which police their content.
While iPhones aren’t immune to hacking, Apple’s strict vetting policy means the incidence of bad apps targeting iPhones (at least non-jailbroken ones) is lower than for Android phones. “Android devices are more susceptible to these kinds of attacks because they have the option to install applications from third parties,” says Chebyshev.
9 steps to figuring out who hacked your phone
A sluggish phone or fast-draining battery are common symptoms of a compromised phone – but they can also indicate your device needs a spring clean to spruce up performance or improve its battery life. Another red flag is if your data usage has gone through the roof – this could indicate a dodgy app is sending data back to its mothership.
“Whether a user can determine who is responsible for a compromised phone depends on what kind of threat was on the device,” says Chebyshev.
According to Verizon’s 2020 Data Breach Investigation, 86% of cyberattacks are motivated by monetary gain – for example, through selling someone’s stolen credentials on the dark web, gaining access to financial accounts, or hacking sensitive data and holding the victim to ransom. In these cases, hackers usually rely on malware that remotely exploits vulnerabilities in apps or operating systems to steal information (or in the case of phishing malware, trick people into inputting their critical data).
However, somebody known to you who wants to monitor your movements – whether that’s a disgruntled ex or suspicious parent – and who has physical access to your device might also be able to install a spy app that acts like malicious software, tracking your location, photos, messages and calls.
To narrow down the field of suspects, you can try to determine exactly how your phone is being compromised.
1. Check your phone bill
Are you being charged for premium-rate texts you never sent – or texts you never signed up for? You’ve probably been infected by malware that forces your phone to send or receive texts that generate revenue for cybercriminals. This common form of mobile malware is believed to be the first type found targeting Android, back in 2010, and today plenty of it is still floating around.
If you’re receiving premium-rate text messages, try texting STOP to the number. If this doesn’t work, you’ll have to contact your cell carrier who should be able to block the number.
If your phone is sending the texts, you may be able to fix it by running a security app such as Bitdefender or McAfee to find and remove malware (on Android only; security apps for iOS don’t have this feature). Also, try deleting any third-party messaging apps and any other apps you installed just before the phone started sending the texts.
2. Go through your apps list
If there are any apps you don’t remember downloading, look them up online to see if any of them have been reviewed negatively for malware or other suspicious activity. In this case, the apps will have been compromised by a hacker who likely isn’t targeting you personally but is distributing malware with the aim of scraping as much data as possible. The BankBot malware, for instance, is a trojan that has infected hundreds of Android apps to display a phishing screen to steal users’ banking credentials.
“If it was a regular trojan [malware coded within another app] the user will not be able to attribute who was responsible for the attack,” says Chebyshev. “If it was commercial spyware, it’s sometimes possible to figure out the responsible person.”
3. Look up your flashlight and battery-saver apps
Got a phone full of apps and can’t remember for sure which you downloaded? Some categories of apps have attracted more than their fair share of malicious actors – several flashlight apps on Google Play were infected with malware that tried to scrape users’ financial info, while one should be wary of battery-saver apps as they have often been used for malware, says Josh Galindo, director of training at phone repair service uBreakiFix.
If you have these types of apps, check online for any negative reviews. You can also try deleting them to see if this affects your phone performance. “If you install an app and the device performance decreases, that’s an indicator,” says Galindo. “If you uninstall the app and your device begins working properly again, this means that the app is likely contaminated with malware and you should avoid downloading it in the future.”
4. Double-check your favorite popular games
Downloaded a new super-popular game recently? Ensure it operates like it’s meant to – and validate that by looking up reviews online – otherwise it may be a scam version, potentially ridden with cryptojacking malware.
Cryptojacking trojans mine cryptocurrency unbeknownst to users, and their prevalence has risen on smartphones that when infected in thousands, can deliver attackers a high overall processing power. The idea is that, if a cryptojacker hacks other devices, they can get paid for mining without having to use their own resources (or pay the electricity bill).
On mobile, cryptojacking malware tends to hide inside innocent-looking apps such as fake versions of popular games. If your phone slows down, heats up and its battery is dying long before the end of the day – and you’ve tried to improve your battery life– it could be a sign that a malicious app like a cryptojacking trojan is hogging all the juice.
They’re mostly prevalent on Android – and if you’ve downloaded from non-official app marketplaces, the risk is higher.
5. Scroll through your call list
Done all of the above and still convinced that someone somewhere has your personal data, siphoned from your smartphone? Apps aren’t the only way a phone can be infected by malware. Have you picked up any random calls lately? “Callers offering a free cruise or claiming that you won a sweepstakes are likely scam efforts to hack your information or record your voice,” says Galindo.
6. Did you click that link?
If you recently clicked on a link on a text message or an unexpected pop-up, you may have inadvertently fallen prey to phishing. Phishing often preys on panic or high emotion – as in the coronavirus-related scam texts claiming that receivers had been exposed to someone with COVID-19 symptoms, and exhorting them to click for more information.
It’s often impossible to divine who is behind such scams, although you can report any phishing texts to your cell carrier and block these numbers.
7. Consider the last time you used public WiFi
According to Kaspersky Lab, one in four hotspots are unsecured, and even the ones that are password-protected could potentially be set up by someone with malicious intent. On top of that, the protocol (WPA2 or WPA3) that encrypts traffic between devices and routers can itself be vulnerable – as in the serious WPA2 flaw uncovered by researchers in 2017 that would have allowed certain traffic to be intercepted.
If your phone isn’t protected by a VPN and you logged into an unsecured public WiFi hotspot, it’s possible someone could have been spying on the connection – and scraped your sensitive information if you logged into your email or bought something online.
8. Is your iCloud safe?
iPhone user? A cracked iCloud login can allow someone to not only access your photos, but also make use of semi-legal spy software to remotely monitor your device’s calls, messages, contacts and location.
Luckily, enabling two-factor authentication for your Apple ID drastically reduces this risk, because if someone tries to sign into your account from a new device, you’ll receive an approval request and sign-in code on your iPhone (or other iOS/Mac devices linked to your Apple ID).
(To enable two-factor authentication, for iOS 10.3 and newer: Settings > [your name] > Password & Security. For iOS 10.2 or older: Settings > iCloud > Apple ID > Password & Security.)
However, a weak or reused password without two-factor authentication can put your account – and phone – at risk.
Here’s how it works: Many people use the same email address in their Apple ID as the login for dozens of online accounts. If this email address is revealed in a data breach, then hackers – who may purchase or find these login details at data dump websites – have access to your Apple ID.
Couple that with a weak password and your iCloud account can be breached by attackers who use cracking software to guess hundreds of hacked or common passwords in order to breach accounts.
Unfortunately, the same goes for an email and password combo that can be guessed or found out by someone you know who’d want to spy on you – especially if they can access your iPhone to use the two-factor code.
9. Run a security scan
Since most malware is designed to evade detection, you may not discover much on your own. Spyware apps – or stalkerware – is one category of particularly insidious apps designed purely to monitor a victim’s activity (rather than for any financial gain).
Security apps, particularly for Android, can help determine if your phone contains such a malicious app, as well as help fend off future cyber attacks by, for example, preventing you from visiting malicious webpages.
Android: Commercial spyware is unfortunately all too easy to find online. Such spy apps have system-level access to extremely detailed information about your device activity such as the messages you write, photos you take and GPS location – and what’s more, these apps are hidden from view.
They also need to be downloaded physically to your device, which means if they’re on your device it was done by someone with access to your device (and your PIN). Chances are, you can figure who in your life would want to monitor your phone.
To find out if you have such apps on your Android phone, download a security app such as Bitdefender or McAfee, which will flag any malicious programs. You can also head to Settings > Security > Device administration and check if “Unknown sources” for app installations is enabled (and you didn’t do it) – this allows apps from non-official app stores, on which there’s likely to be far more stalkerware.
iPhone: Spy apps on a non-jailbroken iPhone are far less prevalent since such software – which tampers with system-level functions - doesn’t make it onto the App Store. (However, they do exist and work via someone knowing your iCloud login and password.)
If your iPhone is jailbroken, that opens it up to potentially malicious apps that haven’t been vetted by the App Store, including spy apps downloaded without your knowledge.
Security apps such as Lookout and Sophos will alert you if your iPhone has been jailbroken – so if you’re alerted of this but haven’t done it yourself, that can be a red flag.
However, whether security software – for Android or iOS – can find spy apps will depend on how sophisticated or new the spy app is since security software scans for malware that’s already known. (That’s why it’s crucial to download updates to security software as soon as available since updates will incorporate new instances of discovered malware.)
3 steps to take if your phone has been hacked
1. Delete any apps or messages that may be malicious
If deleting them fixes any performance issues, great. Even if not, it’s a good idea to clear your device of apps that may have been flagged from that security scan.
You can also try shutting down apps one by one, as soon as your phone starts to slow down or heat up. If shutting down a particular app seems to return things to normal, that app may be malicious – or at the very least, not play too well with your device.
2. Do a factory reset
If after deleting the suspicious app(s) your phone is still behaving strangely, this nuclear option is a quick way of clearing your device of malicious – or sluggish – software left behind.
Android: Settings > System > (Advanced) > Reset options > Erase all data
iPhone: Settings > General > Reset > Erase All Content and Settings
3. Check if your information is out there
Unfortunately, many hacks and malware present few to no symptoms and often the only time people are aware of a breach is when their digital services are hacked, or, worse, they’re the victims of identity fraud, where hackers have used their stolen information to open accounts or lines of credit.
There are a few tools you can use to check if any of your information has already been compromised. Have I Been Pwned? is a website run by security developer and Microsoft Regional Director Troy Hunt that checks if email addresses have been exposed in breaches of popular apps and services.
Security apps including Bitdefender (Android) and Lookout (iOS) can also alert you if apps and services you use have been breached, putting your personal information at risk.
Depending on the scale of the data that has been exposed, you may want to set up a fraud alert at the major credit agencies, which will require any potential creditors to request additional verification of your identity.
Keeping your smartphone safe
If you find that your logins – particularly passwords – are floating around online, the first thing to do is to change your passwords. The best way to do that is to use a password manager which can automatically generate and save complex, unique passwords for each of your accounts. Check out our top-rated picks here. We like the Dashlane password manager, whose Premium version (from $4.99/month) also scans the Dark Web for instances of your emails or logins being posted for sale.
And to reduce the risk of future phone hacks, always observe general cybersecurity hygiene:
- Think twice before clicking links in SMSes, other messages and emails
- Review app permissions to minimize the risk of a malicious app download.
- Enable two-factor authentication for every online account possible – and especially primary emails and logins like your Apple ID.
- Download security updates for your phone when available to patch vulnerabilities that could otherwise be exploited.
- Protect your device with a PIN or biometric authentication.
Updated on 6/16/2020 with new tips and recommendations
[Image credit: phone hacker concept via BigStockPhoto]
Scammer numbers that could possibly hack phone
From John on May 23, 2019 :: 8:44 pm
Figured I would put a list of scammers that called me and a couple of my friends. That way robots could pick them up and call them. Dont answer they might hack your phone.
Editing out numbers in your list
From Josh Kirschner on May 24, 2019 :: 9:07 am
Most robocalls are now coming from spoofed numbers. So putting a list up here is most likely only putting up completely innocent people, not the spammers.
Please help! Been hacked over 2years & 7 devices!
From Jay cal on June 15, 2020 :: 12:06 am
[Email removed by editor]
What you need to do
From erebus666 on July 03, 2020 :: 5:19 pm
if you have a wifi box disconnect everything..
second thing upgrade wifi box and put a fire wall on the box..
you then need to put all your info on every device on a cloud or take everthing to a phone shop independent and get them to sync all the phones info to a usb.. this will be important later
you then need to factory reset phones with a new account..
clearly you are just using the one phone now.
others are important to keep with the history..
to make sure your sim card have not been cloned call up provider if you are using same number and ask for a brand new sim.
make sure you get a new sim card deliverd first before you do anything.
i can go on and explain what you need to do next if you are having trouble you can email me ?
that goes for anyone also
I've been hacked
From Rachelle on October 16, 2020 :: 4:28 am
Me too. I’ve changed phones Sims email accts. But she has everything she’s used my identity and accessed my accts. She’s followed me and installed cameras in my house while I’ve been gone. Even videos me and put me on the internet. And I don’t know how to catch her and press charges too. The police don’t help. If you know or have any help please forward it . thanks
This happend to me too!
From Laura on December 16, 2020 :: 7:41 pm
The exact thing happend to me. I would love to talk to you.
I need help
From Felicia Enfinger on December 31, 2020 :: 9:16 pm
Just read your troubles. I have someone bugging my phone. I’m certain its someone I know. If you can help me to find identity with the experience you’ve had, I would so greatly appreciate it.
From james on January 25, 2021 :: 9:17 am
Hey bro! did you ever figure out how to rid those spies? Im dealing with a very similar issue . i already know who , i just want to know how and whenLet me know what your cure was for both the phones and the computers. Thx
From Jeremy Birmingham on January 29, 2021 :: 9:46 pm
That is the same thing that is happening to me. It doesn’t matter if I get a brand new cell phone with in 1 week. It’s hard to use. My home wifi says my DNS is corrupt I’ve had three computers just crash for no reason two of them are brand new I live in Des Moines Iowa and they hack my phone and they follow me. It makes it in bearable at times.
Let me know
From Glen on June 09, 2021 :: 7:23 pm
I have had 30+ phones and dozens of accounts hacked. I’ve found that there are tons of ways to be hacked mostly people who are hacked its being done by someone they know or a public Wi-Fi. Or Bluetooth ssl or a fake network tower. Its sad that with all the technology people can be stalked and nothing ever happens to help this but yet it’s destroying peoples life’s and no accountability wth. Advice is a VPN and a 2end phone app with 2end phone number after changing your some card and phone number only give out your 2end line phone number because they can’t hack your phone with a shell app if they don’t have the real number. Add VPN because you don’t want your ip address compromised they can hack using that. Don’t allow social media to link to your phone or have your phone number and it helps to not add google account to your phone last thing is contact ic3.gov and file a complaint I haven’t had any help from them but at least it’s documented for future evidence if needed to procicute. Good luck
Living through it now
From Andrea Linne on June 14, 2021 :: 12:18 pm
Every device is hacked they listen and watch all email accounts also banking PayPal I’ve gotten new network 11 new apple ids a new phone made police reports they still are there-, they are using an iPhone 12 and a Mac and watches they have a program that follows my location. Sad they only do it when I am alone I feel your pain
From Wesley Hodgson on November 26, 2021 :: 1:14 pm
I can really sympathise with what your saying. Our digital lives are being used as a tool to harrass-intimidate-bully us. Not only for financial gain, sometimes just for fun. Only thing that you can really do is stop using social-medias. And to log-in to sites as guest. I’ve had a similar experience for about 3 years. Been through 8 android devices, which all end up broken or non-functional. Still searching for a solution that actually works. No joy yet.
From Bri on June 02, 2022 :: 5:27 pm
Hey! I feel you, has happened to me too. It’s completely debilitating. I feel like those people in the conspiracy theory movies. It’s terrible. I have found some things. Not much and I can’t get anywhere but its some thing. My gmail is attached somehow to google workspace. It shouldn’t be, I’m not in a school or anything. Check Google groups. Id never heard of it, but I am sorry I have now. Apparently anybody can sign up anyone else. I’m involved apparently in some weird weird shit that scares me. I can’t figure out how to ungroup. Its pretty much impossible. One other thing is somehow Google Home app is involved. They are controlling my stuff somehow with that and developers things and the workspace. I have lost 3 new devices and 2 laptops and I think it’s gotten into my families wifi. I don’t know how to stop it. Google One told me to go to the cyber crime team, aka FBI. Good Luck, hope youve figured it out, just realized this is 2 years old. Haaha!
Please ring me...I do not want you to think you are without help
From Jane Lockyer on September 01, 2022 :: 11:57 am
NO TECH SAVVY GUY IS GOING TO ADMIT THE REAL TRUTH….THEY KNOW EXACTLY WHATS GOING ON….IM INVINCIBLE…I TRUST GOD…0432611184
From Tina on November 04, 2022 :: 9:45 pm
I’ve been hacked through 19 phones, 21 Gmail accounts, 1 laptop over the course of 13 months!!! Everytime I start a new burner phone I’m hacked with a few hours or a few days. Help!! I’m pretty sure it’s an ex but I can’t prove it. I have about 9 police reports but the police think I’m crazy and don’t help! Please help me!!! Email me or even call me. 803207 0287
From Chris H on November 24, 2022 :: 7:52 pm
This has been going on for several years in my life. Small things hacked at first and then 8 months ago it went insane. Every device I own was hacked through Microsoft, GitHub, Google and Cloudfare to name a few. There are credit cards in my name, my business of 32 years has been destroyed and I have spent thousands of dollars trying to correct. I bought new computers, new routers, new phones but they get around all of it because they are embedded in the software app I use for work. Files have been stolen. They have broke into my house and office. The have gone as far as to hack my vehicles. I have been in court and the police tell me that what I am saying can’t happen. I have lost everything. I call for help but the people I talk to say some right things and then something will be said that makes me know it’s off. I have called Microsoft, Google, Apple, and GitHub. I have also paid for all of this through credit cards. I am mentally and physically exhausted. I read these stories and I wonder if any of you have truly received help. I just want my life back. I have literally tried everything. If anyone had any useful iformation I am willing to compensate. Any help or insight would be greatly appreciated. Thank you, C
Google Play store
From Ti c on January 27, 2023 :: 1:14 am
A lot of these apps that were downloading onto Google Play store with granting these apps permission to do things like access or cell phone cameras and microphones and all our personal files there may be only three actual permissions that you check the box for but if you run a security app on one of these applications you’ll find that within each permission you give there are probably 20 or 30 different things going on that you just gave permission for them to do one app in particular l i k e e asked for three permissions camera microphone and media when I scanned the app with a security application I found out that there were 53 permissions that I had inadvertently given permission to within those three check mark boxes that I checked I’d give them permission to monitor my camera and my microphone record audio and video at any time they please and Google Play is allowing these apps to remain in their store probably 50% of the apps in Google Play are corrupt and you would think that these permissions belong to the developers of the app no the app I spoke of earlier in the city of Bangladesh alone almost every user of the app has access to these permissions and are stalking me day and night through my phone now so the developers are giving their highest bidding users access to these criminal permissions how do I know this I stood in front of my phone in my underwear one day and the young lady I was speaking to made a comment on the style and color of the briefs that I was wearing it then became quite apparent to me that nearly all of the users on this application through the city of Bangladesh Dhaka some users in Arabia and some users in Russia all had access to these special permissions and you can bet your butt they have made my life a living absolute living hell and it’s very doubtful Google Play is going to penalize them for this because they are the second leading social media app out there right now l i k e e don’t download it folks it’s number two right behind tick tock and closely closing in it’s far too essential for Google to get rid of so they’ll probably get rid of me instead
Mate I know exactly how
From Sharon on May 29, 2023 :: 2:45 am
Mate I know exactly how you feel my life is just destroyed and I’m really sure that it’s my son? I don’t know how much longer I can put up with this torture and bullying but if there’s is a god I hope he really punishes these evil mongrals for the rest of their natural born lives
My phone has been compromised
From Monica on August 16, 2020 :: 4:46 am
My bank acounts my prepaid cards my chime acount were my stimulis payment is going to my phone itself my gmail google acount has been hacked im tured of changing my pass codes because i have to do it everytime i do i have to do it again. I dont know who to contact any more for help
Try this possible solution
From Jessica on April 02, 2021 :: 1:32 pm
This happened to me about a year and a half or two years ago due to an ex of mine and because he installed what he did on my phone that left me open to more vulnerabilities for fishing etc. I had to jump through many hoops and trials and tribulations with this situation LOL but in the end I learned that changing your password will not work if you were going to do it from your own phone that has been compromised because attacker can actually watch you in real time, set up
a new password and now….. they know your NEW password!..... so you need to Change all of your passwords from somebody else’s Device ,phone/tablet/computer/laptop
Just make sure that this person is someone that you trust
100% . This works for me and I hope it works for you also. Good luck to you!
I'm gonna go to a lawyer
From Melissa on August 11, 2021 :: 8:50 pm
I came to a idea….. Press charges to the person if you know 100 % but don’t ever give up if police don’t help…. I’ve been and still being hacked.. I just don’t know who yet but I have an idea who. .I have the persons name and he is on my fb account as the official owner!. I can change his settings bcus it’s my account so I put my middle finger up on the photo of him and I told all his social friends on fb that he is a child molester and I reported it. .but I’m about to take him to court who ever he is.
Change EVERYTHING !
From Marion Lutz on August 23, 2021 :: 12:31 pm
Unfortunately, fellow citizens, listen up closely:
When your smart phone an/or PC/tablet?laptop have been hacked into, its usually fatal.
Your identity and life as you"ve known is over! So; start a NEW LIFE! Don’t Let morally bankrupt sub humans with malignant intent, take the joy out of living.
Yes, its going to be some work to be done ahead of you! Bank accounts need to be changed as well as all credit cards, pass words, e-mails…etc. You get the idea.
Keep all new info ONLY to yourself! Trust needs to be earned. It can, it will…in time!
Remember: Unfortunately: Most enemies of your life; and I speak from devastating experience, will be someone within your very own household!
My dreams and aspirations lost PLEASE CONTACT WILL PAY OR WHATEVER TO JUST HAVE A GMAIL AND BANK ACC
From Jaime on February 26, 2022 :: 2:44 am
Wow reading comments I see a common them,all these things are happening to me, 15 Gmails and 5 phones returned. I did Astrology and makeup and started to become successful until this started and my venmo,vendors,, chime everything password changed or account unknown. Hell.most of these emails I made on my phone and they never recognize my device, They record tons of audio and my camera is always taking pictures. I put black t ape over my cameras. Bury my phone under the couch, check my bank at the library. I have seen my audio and recorded calls being exported to a. IOS,I have an android. Sometimes they toy with me and will close me out of a long application on line dead in the middle of 10 pages of info. They unfollow some if my best friends and somehow keep me from logging into my Astro.com where I create client charts. Nothing can be done. I bought a flip phone and they blocked my husband and all my contacts, I returned it the next day and went off the grid got a job at McDonald’s to help my hubby and get OUT of the house, started antidepressants and life was ok.i still missed my FB group and my hobby so I caved got a new phone it’s a little less in your face but they are back. It just took a night or two before that Gmail security email. I started making these emails names like sorryasshacker222, because I know they steal these and use them as emails recoveriesi. 2 factor identification. Isn’t there a way we can use our actual device as our security. You would think we would all uave a personal notduplicatable QR or code with encryption . Guys sorry for the book please please help.me at getting at least an email and an online bank so I can shop online and get to be like all these clueless happy mf’s who nobody is bothering . The geek squad quoted me 245 for 2 hours then said it would take at least 8, that’s outrageous. Basically it’s the wild wild west online and the only ones safe are the wealthy.
From Jane on July 11, 2022 :: 5:22 pm
Yes.. they get in through Google. Once in Google, they can go to your iPad..the IPad is your central control, not your wifi. Once in your iPad, they can control all your devices.
I tried deleting Google but it’s almost impossible to do it on all devices. Check your Google accounts for log ins.
I know who hacked my phone
From Natasha Mariano on September 12, 2022 :: 10:22 pm
I’m pissed off I thought this chick was my best friend out of all her family. Hell no she’s a two face. Tiffany Jones aka Joe dirt. I mean I truly loved her like a sister and she lied to me when I asked her face-to-face an the bitch denied it. But yet I still knew. Now she’s listening to everyone’s conversations. I mean bitch get a life an worry about yourself I mean fuck you stink can’t you smell anything. Because you pushed my fuckin buttons by hacking all my phones I never done shit to you but help you. And in return you do this shit. Lie to people about me when it was you this whole time. I’m sorry to say this but you mean nothing to me. I trusted you. Now I don’t want anything to do with you. But yes I tried telling the truth so now only one person believes me. So Tiffany Jones good luck I’m making a report on you I’m tired of your shit. So get this person off every Google she doesn’t deserve to be wrecking peoples lives cause I almost took my own life because of her. If you guys don’t want to do anything about it I’ll report yall.