You probably know your computer can be hacked, but did you know your phone can be, too?

Your phone is likely how you text friends and family, make healthcare appointments, shop online, and manage your bank accounts, making it an ideal target for hackers to access your personal data very quickly.

If your phone is hacked, you’re vulnerable to identity fraud and, potentially, serious financial loss. We’ll help you understand exactly how your phone can be hacked and what you can do to prevent it.

How can someone hack your phone?

There are several paths hackers can take to target and break into your mobile device.

Public WiFi

Connecting to a public WiFi network presents a lot of risks. Hackers can create public hotspots with names that look legitimate in order to trick you into connecting to them. When you connect to a fake hotspot, you may be directed to a landing page and prompted to create an account in order to connect to the internet. Once you’re connected, hackers will be able to see everything you’re doing and collect data that may include your email address and passwords in order to access your online accounts. If you connect to public WiFi that isn’t password protected, hackers can also use man-in-the-middle attacks to insert themselves between your device and the website or app you’re using, intercepting or even altering your data.

How to protect yourself against public WiFi attacks:

  • Use a secure VPN to hide your online activity
  • Use caution when connecting to public WiFi networks (and consider not doing it)
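
The two warning signs described above (a hotspot whose name imitates a legitimate one, and a network with no password) can be checked against a list of nearby networks. This is an added example, not part of the original article; the scan entries, security labels, trusted network name and function names are all constructed for illustration.

```python
import unicodedata
from difflib import SequenceMatcher

# Constructed scan results (SSID, BSSID, security label); not from a real capture.
SCAN = [
    ("CoffeeHouse_Guest", "aa:bb:cc:00:00:01", "WPA2"),
    ("CoffeeHouse_Guest", "aa:bb:cc:00:00:02", "OPEN"),
    ("CoffeeHouse-Guest", "de:ad:be:ef:00:03", "OPEN"),
    ("Airport Free WiFi", "aa:bb:cc:00:00:04", "OPEN"),
    ("HomeNet", "aa:bb:cc:00:00:05", "WPA3"),
]

def normalize(ssid):
    """Fold case, Unicode compatibility forms and separators so look-alikes compare equal."""
    text = unicodedata.normalize("NFKC", ssid).casefold()
    return "".join(ch for ch in text if ch.isalnum())

def imitates(ssid, trusted_name, threshold=0.9):
    """True when ssid is not the trusted name itself but normalizes to (nearly) the same string."""
    if ssid == trusted_name:
        return False
    a, b = normalize(ssid), normalize(trusted_name)
    return a == b or SequenceMatcher(None, a, b).ratio() >= threshold

def triage(scan, trusted):
    """Return {bssid: [reasons]} for access points that deserve caution."""
    security_by_ssid = {}
    for ssid, _, sec in scan:
        security_by_ssid.setdefault(ssid, set()).add(sec)
    findings = {}
    for ssid, bssid, sec in scan:
        reasons = []
        if sec == "OPEN":
            reasons.append("open network: no Wi-Fi layer encryption")
            if len(security_by_ssid[ssid]) > 1:
                reasons.append("same name is also advertised with encryption")
        reasons += [f"name imitates trusted network {t!r}" for t in trusted if imitates(ssid, t)]
        if reasons:
            findings[bssid] = reasons
    return findings

if __name__ == "__main__":
    for bssid, reasons in triage(SCAN, ["CoffeeHouse_Guest"]).items():
        print(bssid, "->", "; ".join(reasons))
```

A network that passes these checks is not proven legitimate, because a fake hotspot can copy both the exact name and the security setting of the real one.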

Malicious apps

Hackers are able to hide malware in apps uploaded to fake app stores or sent to you via phishing emails. If you’ve accidentally downloaded a malicious app, a hacker can gain access to your phone and your online accounts. They can also find sensitive data about you, and potentially use it to commit identity fraud.

How to protect yourself against malicious phone apps:

  • Never click a link or download an app sent to you by someone you don’t know via email or text
  • Only download apps from official app stores

Phishing scams and malware

Phishing is a tactic hackers use to trick you into revealing personal data or downloading a malicious app (also known as malware). A hacker can gain access to your phone by posing as a customer service agent or an authority figure and convincing you to hand over login credentials for your accounts. If you download malware from a fake app store or an email sent to you by a hacker, the app can be used to gain access to other apps on your phone.

How to protect yourself against phishing scams and malware:

  • Use email aliases to hide your personal email address when you’re creating new accounts online
  • Switch off email aliases and create new ones if you start to receive spam emails
  • Never give out your personal information via email, phone call, or text unless you’ve verified that you’re speaking to a legitimate governmental or business representative. They’ll never ask you for your password, so never give that out.

SIM-swapping

A SIM-swap attack is a type of identity theft that hackers can use to convince your mobile carrier to switch your phone service over to a new SIM card in their possession. They can then perform an account takeover, gaining access to your phone number and all the apps you use on your phone.

How to protect yourself against SIM-swapping attacks:

Surveillance

In more extreme cases, software such as Pegasus spyware can be sold to governments for surveillance purposes. This type of spyware can be deployed without the device owner taking any action, granting full access to all of the apps and data stored on the device as well as the camera and microphone. According to an investigation conducted by the Forbidden Stories consortium and Amnesty International, Pegasus spyware has been used against “at least 180 journalists […] in countries like India, Mexico, Hungary, Morocco and France, among others.” This type of hack is more likely to affect high-profile or politically sensitive workers, so it isn’t common.

How to protect yourself against government surveillance:

How to check if your phone has been hacked

Check your phone’s battery life

If the battery level on your phone suddenly decreases much faster than usual, this is a very common sign that your phone has been hacked. This is caused by malware running on your phone so that hackers can collect your data, and potentially even activate your phone’s microphone or camera remotely.

Check your signal

If your phone is suddenly unable to connect to your mobile carrier, make phone calls, or send texts for no reason, you may have been affected by a SIM-swapping attack. If you don’t move quickly, hackers will be able to access everything on your phone and you may be locked out of your accounts or see fraudulent transactions being made from your bank account. Contact your service provider to make sure that there are no issues with your network, and if there aren’t, you’ll need to confirm with your provider that you’ve been affected by a SIM-swapping attack.

Check your phone for unusual behavior

Unusual behavior may look like your phone crashing or restarting unexpectedly. You may see random pop-ups or ads that you haven’t seen before, as well as strange activity such as your phone taking a long time to load or the battery suddenly overheating. You may receive security alerts you haven’t seen before that hackers have generated, or you might start receiving a high volume of spam or phishing emails. If your phone starts acting suspiciously, you may have been hacked.

Check your settings and data usage

If the settings on your phone suddenly change without warning, for instance camera and microphone access for apps or two-factor authentication being switched off for your accounts, your phone could have been hacked. If you’re unsure of the settings you should use for your apps, look for handy app guides online about exactly what the apps on your phone can do and what they have access to.

You should also check for any unusual spikes in data usage on your phone. This could be a sign that your device has downloaded new apps or malware without your permission, or that it’s downloaded a large amount of data.

Check your phone for apps you don’t recognize

Go through your phone’s library to make sure that there aren’t any apps you didn’t download. If you spot an app you aren’t sure about, check online to see if it could have come preinstalled on your phone. Make sure that you know the purpose of every app on your phone, and if you can’t be sure, you can perform a hard reset to restore your phone to factory settings.

What to do if your phone was hacked

Here’s a step-by-step guide for what to do if you know that your phone has been hacked.

  1. Back up your photos, files, and contacts. If there’s anything on your device that you want to save, make sure you back it up to secure cloud storage.
  2. Reset your phone to factory settings. This will get rid of any malware and malicious apps.
  3. Update your OS to the latest version after resetting your phone. Updating your phone will protect you from existing vulnerabilities in the device’s OS that hackers could exploit.
  4. Download apps manually from the official app store. Don’t use automatic backup to restore your apps: you might download malware apps again. Instead, go to your device’s official app store and don’t visit any third party app stores.
  5. Change your passwords, focusing on sensitive apps such as online banking, email, and cloud storage apps.

How to prevent your phone from being hacked

Your phone requires a different security approach than your laptop or PC does: it’s unlikely that you need antivirus protection, but you still need to take care when you’re downloading apps and where you’re sharing sensitive data. Thankfully, by taking the following steps you can protect your phone.

Regularly update your operating system and your apps: One of the most important tools in your arsenal is simply regularly updating your phone and everything on it. Hackers exploit weaknesses in older versions of device operating systems and apps, so regular updates help you ensure that you’re protecting yourself from known vulnerabilities.

Only download official apps: When you’re looking for apps, make sure you’re visiting the official app store for your device, e.g., Apple’s App Store or the Google Play Store. Unregulated third-party app stores may allow hackers to upload malware, so it isn’t worth using them.

Use a VPN: A VPN will hide your online activity, making it much harder for a hacker to intercept your phone’s traffic. You’re less vulnerable to being spied on when you’re connected to a secure VPN, even if you’re connected to public Wi-Fi. Proton VPN protects your privacy and keeps no logs of what you do online, meaning what you do online on your phone is hidden from hackers, advertisers, and governments.

Don’t ever give out your login credentials: No customer service agent or representative for a company or governmental agency will ever ask you for your login credentials. If you’re asked to give your email address or password on the phone, or via email or text, it’s highly likely that you’re being targeted by a scammer. If you need to share your passwords securely with a family member or a friend, it’s possible to do this safely with a password manager, but you should never give your login credentials to anyone you don’t know.

Use a password manager: As mentioned above, a password manager will help you share passwords securely if you need to. Securing your accounts is easy with the right tool: Proton Pass protects your passwords, keeping them in a single, secure location for you to access when you need, instead of spreading them across insecure locations such as written notes or documents. All of the passwords to your banking apps, your government services, your online shopping accounts, and more can be easily stored, autofilled, and even securely shared with family and friends if necessary.

Use two-factor authentication: Two-factor authentication (2FA) creates an extra way to verify your identity when you log into one of your online accounts. As well as a password, you can use a biometric login, a single-use code generated by a secure authenticator app, or a security key. There are many ways you can make it harder for a hacker to access your account, and it’s worth activating 2FA for as many of your accounts as you can.

Ensure your phone stays safe in the future

Choosing the right tools is half the battle when it comes to keeping your devices safe. With so many malicious apps and phishing scams online, how can you stay safe? With a secure VPN and password manager, you can protect your sensitive data, your devices, and your online life, no matter your level of tech expertise. Proton puts your privacy first and gives you the power to protect yourself from bad actors online.