What to Do If Your Phone’s Been Hacked

Stories of heroes or villains putting their life — or heart or soul — into a box or other object have been around for centuries, from folktales of Koschei the Deathless to the Horcruxes of the Harry Potter series. That metaphor gained a whole new reality with the arrival of smartphones, and now ordinary people also place their lives in an object. It’s a tremendous convenience having such a powerful device in your pocket, but if your phone should be hacked, the attacker can make your life very complicated indeed.

Signs Your Phone Has Been Hacked

Most of the tells that signal a hacked phone aren’t conclusive on their own, because they can all happen legitimately for other reasons. It’s when you start seeing several of them at once, or when they appear abruptly rather than over time, that you should start to be alarmed.

Sometimes your phone itself will show specific symptoms:

  • Performance may become sluggish, and your phone might freeze periodically.
  • It may run consistently hotter than usual, and battery life drops sharply.
  • Wi-Fi or Bluetooth may appear to be on even when you haven’t turned them on.
  • Calls and gibberish texts may come from unknown numbers.
  • You may find apps you don’t remember installing.
  • There may be a sudden increase in pop-ups.

Other warning signs may come from outside sources:

  • Friends might suddenly start seeing your emails going into their spam folders.
  • Your phone bill may show sudden spikes in data usage.
  • Mysterious purchases may show up on your accounts, or even at your door.

How to Prevent Hacking

Unless you’re a celebrity or have access to unusually sensitive information, most hackers aren’t gunning for you personally. They’re casting a wide net, using a few well-proven techniques to install malicious software on your phone or steal your personal information — or possibly your identity — directly. 

The Play

  • Phishing: Sending you spam emails or messages disguised to look like a legitimate email supposedly coming from a contact or a company you do business with, suggesting you click a link or reply to a given number. If you do, they gain access to your phone.
  • Shady Apps or Browser Add-Ons: Shady software often includes a malicious payload of code that compromises your phone.
  • Public Wi-Fi: Public Wi-Fi hot spots are unencrypted, so hackers can see traffic between your phone and the router. That includes capturing logins, passwords, credit-card information and anything else.
  • Bluetooth: A live Bluetooth connection literally proclaims to the surrounding area, “Here I am! Connect to me!” Hackers can use that to connect to your phone and compromise it.

The Precaution

  • Phishing: Use your judgment. If the message seems out of context for this friend or company, don’t open it or reply. Instead, contact that person or company directly to verify that the message is legit.
  • Shady Apps and Browser Add-Ons: Only install software from the official App and Play stores, or from the sites of trusted developers.
  • Public Wi-Fi: Don’t log into your banking or PayPal accounts using public Wi-Fi (and resist the urge to online shop while out and about!). Set your phone to not connect automatically to hot spots, tell sensitive apps to use cellular data rather than Wi-Fi, and turn off the Wi-Fi when you’re not using it.
  • Bluetooth: As with Wi-Fi, turn it off when you’re not using it.

Sometimes the biggest threats aren’t hackers at all, but people you know and trust who have physical access to your phone. Spy programs are readily available from the Play and App stores, and once they’re installed you won’t know they’re there. These apps are marketed as a way for parents to keep tabs on kids or for employers to monitor the use of company phones, but they’re just as useful for jealous partners or unscrupulous co-workers.

The preventive for this kind of attack is to use a lock screen, and a strong password or biometric authorization. It helps if you’re conscious of not leaving your phone where others can find it and not lending it to others except under your direct supervision.

Removing a Hacker From Your Phone

If you think your phone has been compromised, your first step should be to go through and manually delete any apps you don’t recognize and didn’t install. The next step — especially if some refuse to uninstall — is to purchase and run an antivirus/antimalware product on your phone. These can root out many types of malicious software.

If you’ve been receiving cryptic messages, calls or texts from unknown numbers, use Spokeo’s search tools to track them to their source. Often that’s hidden, but sometimes the results may help identify your hacker to law enforcement.

In a worst-case scenario, you may need to factory reset your phone. This will eliminate any kind of malware that might be on it, so you’ll know right away whether the problem was indeed a hacker or whether your phone is just on its last legs. If that’s the case, you can get a new phone and count your blessings.

A factory reset strips away all of your personal files, but if your phone does indeed work fine after the reset, you can sync with your backups to restore them. There is a risk that your most recent backups are tainted by the malware, so your best bet is to use a previous set.

If you still have problems, reset the phone again and start over with an older set of backups. You’ll still lose some of your most recent data, but it’s better than losing everything.