Have you ever lost your smartphone? Feels like you’ve lost your world—which, in a way, you have. Your phone has all your contacts, voice mails, apps, social media, photos, videos, search history—not to mention that you use it to call, face time, email, video and text. This is why it has become a primary target for hackers, and, yes, you can be hacked by replying to a text. Hackers have created a number of ways to attack your phone, and in this article, we are going to detail what these are, and how to fight back.
How do hackers get access to your phone?
All a hacker has to do is type your number into a people search site, like WhoEasy, Whitepages, or Fast People Search. Up comes your name, and varying degrees of personal information.
Spyware is malware that monitors what you do with your phone. Hackers can use spyware to activate your phone’s camera and microphone, scan your emails, text, social media, contacts, search history, web traffic—essentially watch and record everything you do with your phone. Spyware is often unwittingly installed when you click on a link in a bogus email or text—and we’ll get to these, soon. For now, think of spyware as a thief that has snuck into your house, and will quietly wait and watch to see where you hide your valuables.
Phishing is one of the ways hackers download spyware into your phone. It’s a type of social engineering attack which preys upon your fear. The intent is to create a sense of urgency and immediate need, so you do not have time to think critically.
Scam emails: One form of phishing is a scam email, which will look like it’s from your bank or credit card company, informing you about fraudulent charges or withdrawals. The email will ask you to hit a link, then sign into your account, to verify this is you, and then they can “unblock” your account and restore your funds. Of course, once the fraudster gets your login credentials, they perpetrate the very fraud they claim to be preventing. And that link you hit may very well have released spyware into your operating system.
Scam texts: Scam texts—or “smishing”—act on a similar principle. You’ll get an official-looking text that will inform you one of your accounts has been compromised, and you need to hit a link, to “unfreeze” it. The link will take you to a sign-in screen, where you will be asked to enter your login credentials. Here, again, the fraudsters get your credentials in order to compromise your account, while unleashing some form of spyware into your system.
Public networks like the Wi-Fi at your local coffee shop are loosely encrypted and ripe for hacking. A fraudster can infiltrate devices connected to a public network, unleashing spyware while gathering personal information. Always use a VPN, or Virtual Private Network, when using your smartphone or laptop away from home.
A keylogger is a type of spyware that performs “keylogging”—the act of recording everything you type on a computer or mobile keyboard. This enables a fraudster to get your login credentials, banking and credit card information, anything that you type in.
Can somebody hack into your phone by calling you?
In a word: no. You can’t get hacked by simply answering your phone. However, you can fall prey to “vishing”—which is the verbal equivalent of “phishing.” Here, again, the intent is to create a sense of urgency, so you do not have time to sit back and think. A fraudster will call, impersonating a bank official, informing you of your compromised account, lost funds, anything to get you to sign in to your account there and then. Don’t comply.
What to do if your phone is hacked?
If your battery has mysteriously worn down, your data usage is way up, your phone operates slowly, overheats, opens apps for no apparent reason—chances are your phone has been hacked, and there is malware running in the background. What to do?
Change your passwords
Change the passwords to all your online accounts immediately. For each account, create a password that is random and unique. Do this by using an online password generator. Then download a password manager app, which will store your passwords safely, and auto-login when you open an account.
Factory reset your phone
A factory reset will clear whatever malware lurks in your phone’s operating system—but it will wipe out all other data, as well. So make sure you have backed up everything you want to save onto the cloud, an external drive, or your computer. Also, make sure your phone is at least 50% charged. Then follow the simple procedure your phone (Android or iPhone) will have for a factory reset.
Check your social media accounts
Next: check your social media accounts. They supply a treasure trove of contacts that a fraudster can send malicious content to—in your name. Here are a number of signs that your social media has been hacked:
- You notice posts on your wall you did not write.
- You get posts from friends with a suspicious link.
- Your friends get posts from “you” with a link.
- You note logins at strange times or from remote places.
- Your number of friends suddenly increases.
- Your password has been changed and you’ve been locked out of your account.
Let your contacts know
If your social media accounts have, indeed, been hacked, make sure to let all your contacts know. Warn them to look out for messages asking for money or bearing a link that might unleash malware. Also, contact the social platforms that host the hacked accounts. And, of course, change these passwords if you haven’t already.
Check for unusual apps
Check your apps. If you see any that you did not install—uninstall it immediately. And make sure to update your anti-malware program and run scans on a regular basis. There is malware that can piggyback on legitimate apps permissions and infect your phone.
Protect yourself with IDShield
The one thing which will help protect you from all the above is a best-in-class ID theft protection plan from IDShield. We give you an anti-virus and anti-malware solution using our cloud-based AI technology for your devices and our own Virtual Private Network with bank-grade encryption for up to 15 devices on our IDShield Family Plan which protects your web traffic wherever you go.
We also supply 24/7 credit, dark web and social media monitoring, social media reputation management, $1 Million Identity Theft Protection Plan and our in-house team of Licensed Private Investigators who will do whatever it takes for as long as it takes to restore your identity to its pre-theft status. We are the industry standard, and we offer different plans to suit your needs. Please choose the plan that works for you.
Frequently Asked Questions
What happens if I reply to a spam text?
Do not hit any link, give out any personal information, accept any phone call that might come next. These are just “scammer tactics“ designed to extract your login credentials. If you are wondering what to do after being hacked—the first thing to do is run an anti-malware scan.
Can someone steal your information through a text?
No—unless you hit a link included in the text. To avoid getting hacked, do not hit any link that comes with a text or email—unless you are absolutely sure of the sender’s identity.
Can someone hack your phone with just your phone number?
No. You would have to respond to a text or phone call that would then compromise your device. If you wonder: “am I being hacked via a suspicious text, email, phone call?”—do not respond in any way.
Can someone hack my phone by texting a photo?
No. You would have to respond to that photo via an attached link. If you are worried about recognizing identity theft—get the identity theft protection plan from IDShield that works for you.
How to tell if your password was hacked?
You may see logins at strange times, or from remote places. Or you may get locked out of your account.
Pre-Paid Legal Services, Inc. (“PPLSI”) provides access to legal and identity theft services through membership-based participation. IDShield is a product of PPLSI. All Licensed Private Investigators are licensed in the state of Oklahoma. The information available in this blog is meant to provide general information and is not intended to provide professional advice, render an option, or provide any specific recommendations. The blog post is not a substitute for competent and professional advice. Information contained in the blog may be provided by authors who could be third-party paid contributors. All information by authors is accepted in good faith; however, PPLSI makes no representation or warranty of any kind, express or implied, regarding the accuracy, adequacy, validity, reliability, availability, or completeness of such information.