Is Your Phone Safe From Hackers?
Hackers, scammers, and criminals know that your phone is a goldmine of personal data that offers access to your most sensitive accounts.
Phone hacking is so lucrative that entire industries have been created for the sole purpose of hacking your phone. In 2020 alone, 45,000 malicious apps were identified in app stores [*], with 44% of fraud incidents occurring in mobile applications [*].
But hackers don’t need to devise sophisticated scams to hack your phone. Malicious links, smishing (text message phishing), and even online dating scams can all give hackers access to your phone — and everything on it.
So, how can you tell if your phone is hacked? And if you see the warning signs, how do you regain control of your device? In this guide, we’ll explain how to recognize if your phone has been hacked and what you can do to protect your devices from hackers.
Can Your Phone Really Get Hacked?
Phone hacking occurs when bad actors — such as hackers, cybercriminals, or even deceitful friends — access your phone or your phone’s data without your permission.
Fortunately, phone hacking isn’t the easiest way for someone to access your personal or financial information (especially given how advanced mobile security has become). But unfortunately, the payoff is nonetheless large enough for scammers to target your device. It’s estimated that 17.8 million phones were infected with malware in 2020 alone [*].
Hackers know that your phone is a single access point for your most important data and accounts. When bad actors hack your phone, they can commit all sorts of scams, including:
- Device takeovers: Sometimes hackers are only interested in using your device — not accessing your data. Scammers use hacked devices for cryptojacking (mining cryptocurrency in the background), ad-spamming, or as a means to carry out other cyber attacks.
- Data leaks and exposure: The data on your device — passwords, PINs, passcodes, etc. — are valuable currency for scammers. They can use your information to steal your identity or even sell it on the Dark Web to other hackers.
- Accessing sensitive photos for extortion: We often keep sensitive photos or information on our cell phones. Scammers can use these for extortion — or leak them online. (This is what happened during CelebGate, when major celebrities had their iCloud accounts hacked.)
- Spying and stalking: A former lover or controlling family member might install spying software on your phone to keep tabs on you. These sorts of phone hacking scams can put you at risk of physical harm.
- Breaking into your workplace: Hackers know that we use our personal devices for work, so they could target you to get access to your company’s data and networks. Remote workers who use mobile phones spend 80% of their time outside of their company’s cybersecurity-protected network [*].
- Identity theft and financial fraud: There’s more than enough information on your phone to allow scammers to steal your identity or access your financial accounts. If they get access to your phone, hackers can engage in credit card fraud or even drain your bank accounts.
Can iPhones be hacked? The Shocking Truth
You may be thinking, “But I’m using an Apple device. They can’t be hacked, right?”
While Android phones and devices are common targets of hackers, iOS devices can also be hacked. In 2020 alone, over 1,200 malicious apps were available in the Apple app store — and were being downloaded more than 300 million times a month [*].
That said, Android devices are still more vulnerable to hackers.
Security and software updates don’t always hit Android devices at the same time. This means that older devices are often missing key updates to fix known vulnerabilities. The Google Play store is also rife with malicious apps — with over 100 million devices falling prey to bad apps that are designed to steal your money [*].
Signs Your Phone Is Hacked
Phone hacking can be a sophisticated scam. But there are telltale signs that your device has been compromised, including:
- Your phone's battery loses charge faster than usual. Reduced battery life is one of the first signs that your phone has been hacked. Malicious apps that run in the background will drain your battery more quickly than usual.
- Higher than expected data usage. Hacked devices will often use more data than you typically use. If you start to get warnings from your phone carrier about high data usage, or if you receive a larger bill than expected, check your device settings to see which apps are using up your data.
- Your device is acting strangely and working slowly. Poor performance, unusual activity, and device crashes are all signs of a compromised phone (for example, apps take a long time to load or switch).
- An abnormally hot phone. Malware will use up or strain your phone’s resources. If your phone is warm or even hot to the touch, this could be a sign that it’s been hacked.
- You’re seeing new apps on your phone. Be especially aware of unrecognized or suspicious apps on your homescreen. Some malicious apps will install new apps, with the hacker hoping that you don’t care or notice.
- You constantly have to quit or close specific apps. If an app opens without your clicking on it, it may be part of a hacking attack.
- You receive strange notifications and pop-ups. Phone updates can sometimes alert you to hacking. For example, some malicious apps automatically copy data to your clipboard. But a recent iOS update will alert you if an app is “looking at” clipboard data [*]. Don’t ignore these messages.
- You’re locked out of your Apple ID or Google account. Hackers will often quickly change your passwords and lock you out of critical accounts. If you can’t access your Apple or Google account, this is a major red flag that your phone has been hacked.
- You can’t log into your online accounts. Hackers use a compromised phone to gain access to your other accounts (known as Account Takeover Fraud). If your passwords aren’t working for your email, social media, or other accounts, it could be a sign that your phone was hacked.
- You receive 2FA codes you didn’t request. If you start to receive two-factor authentication codes on your phone or in your email, it could be a sign that a hacker has your password and is trying to log into one of your accounts. Don’t enter the code, and change the account password immediately.
- Your camera or microphone indicator light turns on. Stalking and monitoring apps will use your microphone or camera in the background. If your indicator lights or icons randomly turn on, this could be a sign of a hacked phone.
- Your phone number and other information were leaked in a data breach. While not exactly a sign that your phone is hacked, if your personal information is on the Dark Web, it means you could be an easy target for hackers.
Any of these warning signs can indicate that your phone was hacked. But how did it get hacked in the first place?
How Do Phones Get Hacked?
There are a number of different ways your device can get hacked — some more dangerous than others. Here are the main phone hacking scams to watch out for:
- Downloading malicious or infected apps
- Browser pop-ups that claim your device is infected
- Phishing attacks implemented via email, text, or phone calls
- Stalkerware and stalking apps
- Wi-Fi attacks
- Apps with too many permissions
- Verification code scams (2FA scams)
- SIM swapping
- Charging station hacking (i.e., “juice jacking”)
1. Downloading malicious or infected apps
Hackers will develop and market free apps that are really malicious apps in disguise. For example, users may be fooled by flashlight apps that steal location data, or free games that install crypto-mining software in the background.
In other cases, scammers may hack or infect a legitimate app to trick you into thinking it’s safe.
These malicious apps take over your device’s resources and may even make your phone part of a botnet — a group of infected devices used to carry out cyber attacks like DDoS attacks.
How to avoid downloading malicious apps:
Only download apps from official app stores like the Google Play Store or Apple App Store. If anyone tries to get you to download an app — even an app that you recognize — from an external source, be cautious. Apps that change owners or developers may also be an indication of a potential problem.
You can also check your battery and data usage to find pesky apps that are siphoning your device’s processing power. Go into your settings, and check both the battery usage list and the data usage list to see if any unfamiliar apps appear at the top of either one.
Pro tip: Protect your devices with antivirus software. Aura’s antivirus software will scan all your devices for malicious apps and alert you if you’re at risk.
2. Browser pop-ups claiming your device is infected
Hackers will use your fear of being hacked against you. In these scams, you’ll receive browser pop-ups claiming that your device has been infected with malware and that you’ll need to download an app to “fix” it.
These apps are usually listed as “scanning” or “clean up” apps. But in reality, they’re designed to spy on you and steal your sensitive information.
How to avoid fraudulent browser pop-up scams:
Ignore any claim that your device has been infected. Websites and ads can’t scan your device, and these are always scams.
Also, question where the ad or pop-up is coming from. Malicious pop-ups are most often found on less popular websites or sites that exercise less scrutiny over the ads they run (such as adult websites). However, hackers have also started targeting legitimate sites to run these ads. In 2021, hackers compromised 120 ad servers, affecting hundreds of millions of sites [*].
3. Phishing attacks implemented via email, text, or phone calls
Phishing attacks occur when scammers send you unsolicited messages or use legitimate-looking websites to trick you into giving up your personal information.
Here’s how the scam works:
- A hacker will send you a fake text message or email claiming to be from an organization or company that you trust (like Amazon, Google, or Apple).
- The message will ask you to either click on a link, download an attachment, or go to a website and “verify” your account information.
- But any link that you click on could infect your device with spyware — while information submitted to a phishing site goes straight to the scammers.
Phishing and spam emails are still the most common types of attacks. However, mobile-specific phishing sites have increased from fewer than 50% to more than 75% of all phishing sites [*].
How to avoid phishing attacks:
First off, never click on links or download attachments from unsolicited emails or messages. If the message claims to come from a company you know, contact them directly. The same goes for phone calls. If someone calls you and leaves a message, don’t call back at the number they provide. Instead, call them back at the company’s official phone number.
If you click on a link and it takes you to a website that requests you enter your account information and password, check for signs of a scam. This could include:
- A misspelled domain (for example, “Walmrat” instead of “Walmart”)
- An unexpected domain (for example, “Airbnb-support.com” instead of “Airbnb.com”)
- A “non-secure” URL (a secure URL uses “HTTPS” instead of “HTTP” and will include a padlock symbol in the URL field).
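The three checks above can be automated for links pulled out of emails or text messages. The following is an added example, not part of the original article; the brand allowlist and the finding labels are constructed for illustration, and the last-two-labels domain split is a stated simplification.

```python
from urllib.parse import urlsplit

# Constructed allowlist for this example: brand label -> official domain.
KNOWN_BRANDS = {
    "walmart": "walmart.com",
    "airbnb": "airbnb.com",
    "amazon": "amazon.com",
}


def osa_distance(a: str, b: str) -> int:
    """Edit distance where swapping two adjacent letters costs 1."""
    prev2, prev = None, list(range(len(b) + 1))
    for i in range(1, len(a) + 1):
        cur = [i] + [0] * len(b)
        for j in range(1, len(b) + 1):
            cost = int(a[i - 1] != b[j - 1])
            cur[j] = min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + cost)
            if (i > 1 and j > 1 and a[i - 1] == b[j - 2]
                    and a[i - 2] == b[j - 1]):
                cur[j] = min(cur[j], prev2[j - 2] + 1)
        prev2, prev = prev, cur
    return prev[len(b)]


def check_url(url: str) -> list[str]:
    """Return the warning signs found in a link; an empty list means none."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    findings = []
    # Missing HTTPS is a warning sign. Its presence only means the connection
    # is encrypted, not that the site belongs to the brand it names.
    if parts.scheme != "https":
        findings.append("not-https")
    labels = host.split(".")
    # Simplification: treat the last two labels as the registrable domain.
    # Production code should consult the Public Suffix List instead.
    registrable = ".".join(labels[-2:])
    name = labels[-2] if len(labels) >= 2 else host
    if registrable in KNOWN_BRANDS.values():
        return findings  # official domain, possibly with a subdomain
    for brand in KNOWN_BRANDS:
        if brand in host:
            findings.append(f"unexpected-domain:{brand}")
        elif osa_distance(name, brand) <= 1:
            findings.append(f"misspelled-domain:{brand}")
    return findings


if __name__ == "__main__":
    for link in ("https://www.walmart.com/account",
                 "http://walmrat.com/login",
                 "https://Airbnb-support.com/verify"):
        print(link, check_url(link))
```

Counting an adjacent-letter swap as a single edit is what lets “Walmrat” register as one step away from “Walmart”; plain Levenshtein distance would score it as two.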
4. Stalkerware and stalking apps
Technically, stalkerware apps are legitimate apps that allow you to monitor someone’s activity.
Many of these apps are marketed toward parents as a way to keep track of their children. However, one of the main features of a stalking app is that it remains hidden or disguised as a different app. This allows them to be used for nefarious purposes, such as stalking a former lover or coworker.
How to avoid stalking apps:
A hacker needs physical access to your phone to install stalkerware. Make sure you know who has access to your devices, and always be on the lookout for strange or unrecognized apps.
5. Wi-Fi attacks
Public and even home Wi-Fi networks are notoriously easy to hack. Hackers can use what’s called a man-in-the-middle attack (MitM) to monitor and intercept any data that you submit — including account usernames and passwords.
Scammers can also hack Bluetooth devices (such as smart speakers or other internet-of-things devices). Avoid pairing your phone with unknown Bluetooth devices or connections as they could be a hacking trap.
How to avoid Wi-Fi attacks:
Avoid public Wi-Fi as much as possible, and use a mobile data hotspot instead (which is harder to hack). Be equally vigilant with seemingly safe Wi-Fi networks, like those found at Starbucks or in airports. The FBI has issued a warning about cybercriminals using fraudulent airport Wi-Fi networks to steal identities and financial information [*]. (This is only one of the many dangers of using public and unsecured Wi-Fi networks.)
Pro tip: Use a virtual private network (VPN) to protect your device and network from hackers. Aura’s military-grade VPN encrypts all of your data so that hackers can’t see what you’re doing or steal your identity.
6. Apps with too many permissions
Almost every app collects data while it’s running — or requires permissions to work (for example, Instagram needs to access your camera and microphone to capture photos and videos). However, some apps ask for too many permissions or request access to unrelated data in order to sell it online to data brokers (or steal your identity).
Even worse, if hackers compromise these apps, they gain access to anything you’ve allowed the app to see or do on your phone.
How to avoid giving apps too many permissions:
Question any permissions that an app is asking you for. If it’s asking for too much — such as collecting location data, turning on your microphone, reading your screen, and turning on your camera — delete it.
7. Verification code scams (2FA scams)
Two-factor authentication codes are often the last line of security against hackers trying to access your phone, social media accounts, or bank accounts. When Google auto-enrolled user accounts onto 2FA, this resulted in 50% fewer hacked accounts [*].
If criminals already have your username and password, but you’ve enabled 2FA on your accounts, they’ll try to scam you into giving up that code.
The 2FA scam is often an extension of another ongoing fraud, such as a romance scam, in which someone you meet on an online dating site tricks you into giving up a 2FA code. A phishing scam is another example; someone claiming to be from the IRS asks for a code to “verify” your identity.
How to avoid verification code scams:
Don’t give away 2FA codes to anyone — even if someone tells you that they need your help to access one of their accounts. If anyone asks to send a code to your phone, it’s a scam.
8. SIM swapping
SIM swapping (also known as “SIM jacking”) is one of the scarier and more common ways that your phone can get hacked. In this scam, fraudsters call your mobile provider pretending to be you. Then, they ask to switch your phone number to a new SIM that they own.
Once the swap is complete, scammers can make calls from your number and send and receive your texts (including 2FA codes, which gives them access to your accounts).
How to avoid SIM swapping:
Lock your SIM card with your mobile provider. This requires a PIN code in order to swap your phone to a new SIM. Just make sure that your PIN code isn’t easy to guess (like your birthday or address). You can also lock your SIM to your iOS device.
9. Charging station hack (i.e., “juice jacking”)
Scammers have also learned to use public charging stations — such as the ones at airports — to steal data or take over your devices. When you plug your phone into a compromised charging port, it either infects your device with malware, or the charging station itself steals your sensitive data.
How to avoid juice jacking scams:
Bring your own charger with you rather than use publicly available chargers, as these could be compromised.
How To Remove a Hacker From Your Phone
If you think your device is hacked, start by taking a few of these steps to neutralize your attacker and limit further damage:
- Delete any unrecognized or resource-draining apps: Remove anything you don’t recognize. If you’re unsure about an app, Google it or look it up in the App Store to check that it’s legitimate.
- Clear your browsing history, cache, and downloads. Malware can hide in areas of your phone that you don’t normally use. Clearing your browsing history and cache, as well as your downloads, can remove malicious software that’s hiding there.
- Download security software and run an antivirus scan to isolate malware. Use antivirus software offered by digital safety providers like Aura to find and remove any malware or spyware that has infected your phone.
- Remove unrecognized devices from your Apple ID or Google Account. Scammers who get access to your Apple or Google accounts will connect them to their own devices for easier access. Check for unfamiliar devices in your Google activity log or Apple ID device list, and sign them out.
- Reset your phone to its factory settings (or to a pre-infected backup). Once you’ve removed as many vulnerabilities as you can, reset your device to clear out any lingering hacks. If you’re restoring to a backup (or just bought a new phone), make sure the backup was made before your device was hacked.
- Update your operating system and software. Malware and hacks rely on outdated software. Don’t ignore updates for both your device and any apps you use.
- Change your passwords and enable 2FA. If you suspect that one of your accounts is being targeted, change your password immediately and enable 2FA.
- Set up a password manager. These tools securely store your passwords and alert you to accounts that could be compromised. In addition, a password manager won’t automatically enter your password on phishing sites.
- Contact your bank and any businesses that may have been impacted. If hackers gained access to your accounts, you’ll want to report the fraud to your bank and any other impacted companies.
- Sign up for credit monitoring and identity theft protection. Credit monitoring actively looks for and alerts you to signs of fraud on all your accounts. If your phone has been hacked, this will help you stop scammers from committing financial fraud.
- Consider locking your credit. If your phone was hacked, chances are that scammers are now in possession of your PII, which could enable them to apply for lines of credit in your name. Initiating a credit lock will get ahead of any threats before they happen.
How To Protect Your Phone From Hackers
We’d all agree that it’s better to be proactive about your phone’s security than to deal with a hacked device. Luckily, it doesn’t take much to protect your phone from hackers.
First, become familiar with the signs of a scam or phishing site. Most hacks use social engineering to trick you into giving up your account information or passwords. Don’t send sensitive information to anyone you don’t know personally, especially if they reach out to you.
Next, don’t put your phone in risky or vulnerable situations — such as downloading apps outside of an official app store, using public Wi-Fi, or charging your phone at public charging stations. Also, always be aware of where your phone is and who has access to it.
Finally, make your devices and accounts more secure. You can use a VPN when browsing in public as well as antivirus software to protect you from malware. Make sure your passwords are complex and unique, and enable two-factor or multifactor authentication (2FA/MFA) for added security.
For even more security, follow these advanced tips for protecting your phone from hackers:
- Use an ad-blocker or a privacy-focused mobile browser. Privacy browsers, like Firefox or Brave, have additional privacy features that limit data sharing and tracking and can block adware.
- Ask your mobile provider for a “port freeze.” This requires extra authentication (such as a PIN) before anyone can make changes to your account, including swapping your SIM.
- Enable biometric security (like fingerprint ID). If someone steals your phone, it will be much harder to break into it if you have fingerprint or facial recognition ID enabled.
- Regularly check your credit report and bank statements. Scammers are almost always after your financial accounts. Check for the warning signs of identity theft — such as strange charges on your bank statement or accounts you don’t recognize. An identity theft protection service like Aura can monitor your credit and statements for you and alert you to any signs of fraud.
- Maintain regular backups of your device. Backups can save you from a huge hassle if your phone is hacked or infected with malware.
- Use an authenticator app instead of SMS for 2FA. If you receive 2FA codes over SMS and hackers gain access to your phone, they can bypass your security. Instead, use an authenticator app, which requires stronger security measures, such as biometric identification.
- Set up auto-updates. This will ensure that you’re not running an outdated operating system or using apps that could be vulnerable to hackers.
The Bottom Line: Keep Your Phone Safe From Hackers
Our phones have become digital extensions of our lives. More than just a way to keep in touch, we use smartphones to socialize, date, bank, and more. Losing your phone could be disastrous — but having your phone hacked could be even worse.
Learn to recognize the signs of a hacked phone and what you can do to protect yourself, remove hackers, and prevent future hacks. And for added protection, sign up for Aura’s all-in-one digital security solution.
Aura's security software protects your devices and networks from hackers, monitors your financial and sensitive accounts for signs of fraud, and will alert you in near real-time about any compromises.
And if the worst should happen, every Aura customer is covered by a $1,000,000 insurance policy for eligible losses due to identity theft.