Your phone knows more about you than your closest friend — your bank details, your messages, your location, your passwords. That makes it the most valuable target in your pocket. And attacks are growing fast.
Smartphone attacks jumped 29% in the first half of 2025, and 82% of phishing sites now specifically target mobile users. Meanwhile, the average American receives around 14 scam messages every single day across texts, emails, calls, and social media. The threat is real — but for most people, it doesn't look like a Hollywood hacking scene. It looks like a suspicious text, a sketchy app, or someone you know with access to your unlocked phone.
Here's how to recognise the warning signs, understand how phones actually get compromised, and protect yourself.
You can't simply dial a code to confirm you've been hacked. Viral tips about codes like *#21# only check call-forwarding settings — they don't tell you whether your device is compromised. What you can do is watch for a pattern of warning signs.
7 Warning Signs to Watch For
No single symptom is proof of a hack — battery drain, slow performance, and overheating can all have innocent explanations. But when several of these appear together, it's time to investigate.
1. Battery draining unusually fastMalware running silently in the background consumes power continuously. A sudden unexplained drop in battery life — beyond normal aging — is worth noting.
2. Sluggish performance or random crashesMalicious software can overload your phone's processor. If your phone freezes, crashes, or restarts unexpectedly, something may be working behind the scenes.
3. Unexplained heat when idleA warm phone during active use is normal. A hot phone sitting on the table doing nothing? That suggests a background process is hard at work.
4. Sudden spike in data usageSpyware transmits stolen data back to a remote server, which can eat through your data allowance fast. Check your usage in Settings and look for unfamiliar apps consuming large amounts.
5. Calls or texts you didn't makeSome malware places calls or sends texts to premium-rate numbers. Check your call log and phone bill for activity you don't recognise.
6. Mystery apps or persistent pop-upsApps you don't remember installing are a red flag. Constant pop-ups — especially appearing outside your browser — can indicate adware on the device.
7. Strange activity on linked accountsPassword-reset emails you didn't request, logins from unknown locations, or sent messages you didn't write often show up before you notice anything wrong with the phone itself.
How Phones Actually Get Compromised
The answer is rarely a sophisticated remote exploit. For most people, the path in is much more ordinary.
Phishing Messages
Likelihood: Very High
A text, email, or social media message appears to come from your bank, a delivery company, or a friend. It asks you to click a link, scan a QR code, or simply start a conversation. Thanks to AI, these messages have become alarmingly convincing — polished branding, correct spelling, and a tone that's hard to question. Typos used to be the red flag; that's no longer reliable. QR code scams ("quishing") are also growing fast, using malicious codes in emails, flyers, or public places.
Don't click links in unexpected messages, even urgent ones. If a text claims to be from your bank or a courier, go directly to the company's app or website instead of using the link provided. Be sceptical of QR codes from any source you weren't already expecting.
Compromised Google or Apple Account
Likelihood: High
Someone doesn't need physical access to your phone to access everything on it. If they get into your iCloud or Google account, they can potentially reach your backed-up photos, contacts, location history, saved passwords, and email. Once they control your email, they can reset passwords across all your other accounts — triggering a chain reaction.
Use a unique password for every account and store them in a password manager. Enable login alerts, and use an authenticator app rather than SMS for two-factor authentication. Apple users should look into Advanced Data Protection for iCloud.
Malicious or Invasive Apps
Likelihood: Moderate to High
Many harmful apps don't announce themselves as malware. They disguise themselves as QR scanners, PDF tools, battery boosters, VPNs, or camera filters. Once installed, they may collect data, serve aggressive ads, or run processes in the background. The risk is higher if you install apps outside the official app stores.
Stick to official app stores. Question any app requesting permissions beyond what it needs to function. Regularly review your installed apps and delete anything unfamiliar. On Android, ensure Google Play Protect is active and installs from unknown sources are disabled.
Spy Apps Installed by Someone You Know
Likelihood: Moderate (in close relationships)
This threat is often dismissed because people imagine hackers as distant strangers. In reality, many spy app installations are carried out by a partner, family member, or employer — someone who already has physical access and knows your passcode. These apps can silently monitor your location, calls, texts, browsing history, and even your microphone.
Use a strong passcode that isn't shared with anyone. Review installed apps regularly. On iPhone, never jailbreak your device — and if you see signs it has been (alternative app stores like Cydia), restore the phone to factory settings.
SIM Swapping
Likelihood: Lower, but serious
A criminal convinces your mobile carrier to transfer your phone number to a SIM card they control. From that point, they receive all your calls and texts — including one-time security codes — and can access your accounts. This is particularly damaging for anyone using SMS-based two-factor authentication.
Set a strong PIN on your carrier account and activate any available SIM lock or number protection features. Switch from SMS verification to an authenticator app wherever possible.
Fake Public Wi-Fi Networks
Likelihood: Moderate
A scammer creates a hotspot named to look like a legitimate café, hotel, or airport network. Once you connect, they may redirect you to fake login pages or attempt to intercept your traffic.
Use apps rather than a browser for banking or email on public Wi-Fi. Consider a reputable VPN, especially when travelling. Avoid entering passwords after connecting to an unfamiliar network.
Remote Camera or Microphone Exploits
Likelihood: Low
Despite being a common fear, remotely hijacking a phone's microphone or camera is technically difficult, expensive, and typically reserved for high-profile targets — politicians, government contractors, journalists. For most people, the realistic threat is a malicious app or phishing site stealing account credentials, not a spy silently watching through the camera.
Install software and app updates promptly. Security patches close the vulnerabilities these rare attacks rely on.
What to Do If You're Concerned
If you're seeing multiple warning signs, take these steps right away:
- Change your most important passwords first — especially email and banking — from a separate, trusted device. Your email account is often the key that unlocks everything else.
- Review your installed apps and remove anything unfamiliar. On Android, check whether any suspicious apps came from outside the Play Store. On iPhone, check your App Store purchase history.
- Check app permissions. Does that flashlight app really need access to your contacts and microphone? Revoke any permissions that seem excessive.
- Keep your software updated. Security patches exist for a reason — apply them as soon as they're available.
- Enable two-factor authentication on your key accounts, and switch from SMS codes to an authenticator app. It's one of the most effective defences available.
- If all else fails, reset. A factory reset will remove the vast majority of malware and spy apps. Back up your photos and important data first, but restore selectively to avoid reintroducing the problem.
The threats to our phones are real and growing — but so are the tools to fight them.
A few consistent habits — strong unique passwords, scepticism toward unexpected messages, regular app reviews, and prompt software updates — go a long way toward keeping your digital life secure. When in doubt, reach out to a trusted IT partner before a small concern becomes a serious breach.
