Data breaches are becoming alarmingly common, and it’s no longer just massive corporations or government agencies in the crosshairs. Hackers are setting their sights on personal devices like your smartphone. Think about it, your phone holds a staggering amount of your personal information. 

From emails and text messages to banking apps, social media and even your photos, it’s a treasure trove for cybercriminals.

The numbers back up the growing threat. The FBI’s Internet Crime Complaint Center received nearly 56,000 reports of personal data breaches last year. California, the most populous state, topped the charts for the most complaints, according to the Identity Theft Resource Center (ITRC). These stats are more than just numbers — they’re a wake-up call.

GET SECURITY ALERTS, EXPERT TIPS — SIGN UP FOR KURT’S NEWSLETTER — THE CYBERGUY REPORT HERE

So, what happens if you find your phone has been hacked?

It’s a nightmare scenario. Your phone feels off — battery drains faster than usual, strange pop-ups appear, apps you didn’t download show up, or you’re suddenly locked out. Maybe it’s sluggish, overheating or making unexpected calls or texts. Your mind races: “What did they see? What can they do with my information? Can I even fix this?”

Take a deep breath. Yes, it’s unsettling, but you’re not powerless. Knowing what steps to take — and in what order — can make a huge difference in regaining control and stopping the damage. Let’s walk through exactly what to do if your phone gets hacked, so you can protect yourself and bounce back stronger.

Illustration of a scammer hacking into someone’s phone. (Kurt “CyberGuy” Knutsson)

BEST ANTIVIRUS FOR MAC, PC, IPHONES AND ANDROIDS — CYBERGUY PICKS

Step 1: Remove malicious software

Even if hackers had only brief access to your device, assume they’ve seen sensitive data. Your first task is to remove any malware or spyware.

1. Use strong antivirus software: The easiest and most effective way to start is by installing and running strong antivirus or antivirus software. Avoid unfamiliar apps, as some pose as antivirus tools but are actually malware in disguise. Get my picks for the best 2024 antivirus protection winners for your Windows, Mac, Android and iOS devices.

After installation, run a full device scan. This will search for hidden threats like spyware, ransomware, or keyloggers that could compromise your information further. Once the scan identifies malicious files, follow the app’s instructions to quarantine or remove them. Be sure to double-check the app’s log to confirm all suspicious activity has been addressed. Most antivirus tools offer real-time protection to monitor for threats as they occur. Turn this feature on to reduce the risk of reinfection. Antivirus programs are only as effective as their latest updates. Cybercriminals continuously develop new malware, so keeping your antivirus database current ensures it can detect the newest threats.

2. Factory reset if needed: If the antivirus software fails to fully restore your phone’s functionality — such as fixing issues like freezing, slowdowns or unexpected shutdowns — you may need to perform a factory reset on your iPhone or Android. A factory reset wipes all data from your phone, returning it to its original state when it left the manufacturer. Before resetting, create a backup of your important files. However, ensure the backup itself is free of malware. Use antivirus software to scan backups before restoring them. Most phones offer a simple reset option in their settings menu under “System” or “General Management.” Consult your device manual or manufacturer’s website for detailed instructions.

3. Seek professional help: If you’re not confident in your ability to remove malware or reset your phone, reach out to a trusted professional. Visit the Apple Store, Microsoft Store or an authorized service provider for your phone brand. Explain your situation and ask for a thorough inspection and cleaning of your device. Many retailers offer comprehensive diagnostic and repair services.

4. Abandon hardware only as a last resort: In rare cases, malware can deeply embed itself into a device, making complete removal nearly impossible. If your phone continues to exhibit signs of infection despite using antivirus tools, factory resets and professional help, you may need to replace it. Ensure you completely wipe the device before disposing of it to prevent any residual data from falling into the wrong hands. When setting up a new device, take extra precautions to secure it, such as enabling two-factor authentication and keeping all software up to date.

Illustration of someone trying to remove malware from their device. (Kurt “CyberGuy” Knutsson)

 THE HIDDEN COSTS OF FREE APPS: YOUR PERSONAL INFORMATION

Step 2: Don’t reset passwords prematurely

Resist the urge to immediately change passwords on a compromised device. Hackers might still have access and could intercept your new credentials, potentially locking you out again. Instead, follow these steps:

Thoroughly clean and secure your device first:

Use a trusted, secure device for password resets:

• Use another device you own or borrow a friend’s or family member’s computer to reset your password.
• If possible, also use a different network than your compromised phone to avoid potential network-level attacks.

Prioritize critical accounts:

• Start with your email, as it’s often used for password resets on other accounts.
• Move on to financial accounts, social media and other sensitive services.

Create strong, unique passwords:

• Use a combination of uppercase and lowercase letters, numbers and symbols.
• Aim for at least 12 characters in length.
• Avoid using personal information or common phrases.
• Consider using a password manager to generate and store complex, unique passwords for each account. They encrypt your password database, adding an extra layer of security.

WHAT IS ARTIFICIAL INTELLIGENCE (AI)?

Someone entering a password on their device. (Kurt “CyberGuy” Knutsson)

Setting up passkeys on iPhone and Android

As we’ve seen, traditional passwords present numerous security challenges — including susceptibility to breaches and phishing attacks — along with the inconvenience of remembering complex combinations. Even with best practices in place, passwords can still be stolen or misused.

This is where passkeys come into play. As data breaches become increasingly common, adopting passkeys can significantly enhance your security. Unlike passwords that require you to remember a string of characters, passkeys utilize biometric authentication or a PIN to streamline the login process while providing protection against unauthorized access.

Benefits of using passkeys

Enhanced security: Passkeys are resistant to phishing attacks and reduce the risk of credential theft since they cannot be easily guessed or stolen like traditional passwords.

Convenience: With biometric authentication, logging into apps and websites becomes faster and easier — eliminating the need to remember complex passwords.

Cross-device functionality: Passkeys work seamlessly across different devices linked to the same account — providing a unified login experience.

Here’s how to set up passkeys on both iPhone and Android devices so that you can secure your personal information.

Setting up a passkey on iPhone 

• Check compatibility: Ensure your iPhone is running iOS 16 or later; passkeys are integrated into iCloud Keychain.
• Enable iCloud Keychain: Go to Settings > [Your Name] > iCloud > Under Saved to iCloud, tap Passwords. In iOS 17 or earlier, tap Passwords and Keychain. > Tap Sync this iPhone to turn on iCloud Passwords & Keychain. You might be asked for your passcode or Apple Account password.
• Ensure that two-factor authentication is also enabled for your Apple ID. Open Settings > Tap your name at the top > Select ‘Sign-In & Security’ > Tap ‘Turn On Two-Factor Authentication’ > Follow the on-screen instructions to complete the setup.

How to create a Passkey on iPhone

• Open the app or website where you want to create a passkey.
• Select the option to sign in or create an account.
• When prompted for a password, choose the option to use a passkey instead.
• Follow the on-screen instructions to authenticate using Face ID, Touch ID, or your device passcode.
• Your passkeys will be stored in iCloud Keychain and automatically sync across all devices signed in with the same Apple ID.

Setting up a passkey on Android

Settings may vary depending on your Android phone’s manufacturer.

• Check compatibility: Ensure your device is running Android 9 (Pie) or later; most modern Android devices support passkeys.
• Set up Google Password Manager: Go to Settings > Tap your Name or initial > Google > Manage Your Google Account > Security. Then, scroll down to find the Passkeys section and tap on it.

How to create a passkey on Android:

Settings may vary depending on your Android phone’s manufacturer.

• When signing into an app or website, select the option for passwordless login.
• Follow the prompts to create a passkey; this may require biometric verification (fingerprint or facial recognition) or a PIN.
• Once created, your passkeys will be stored in Google Password Manager and synced across all devices linked to your Google account.

HOW SCAMMERS USE YOUR PERSONAL DATA FOR FINANCIAL SCAMS AND HOW TO STOP THEM

Step 3: Secure your assets and prevent identity theft

With your device clean, focus on protecting your financial and personal information.

Credit reports: Contact Equifax, Experian and TransUnion to place a fraud alert and security freeze on your credit reports. Regularly check your credit reports for unauthorized activity. Contacts: Equifax: 1-800-525-6285,Experian: 1-888-397-3742, TransUnion: 1-800-680-7289.

Financial institutions: Update passwords and enable two-factor authentication (2FA) on your bank accounts. This enhances the security of your financial information. Inform your financial institutions about the breach. Some banks allow you to set up verbal passwords for added security.

Driver’s license: Submit a Fraud Review of Driver License/Identification form to your local Department of Motor Vehicles (DMV).

Social Security account: Create a my Social Security account if you don’t already have one. Monitor it for any unusual activity. Regularly review your account statements to ensure no unauthorized changes have been made.

Taxes: Obtain an Identity Protection (IP) PIN from the IRS to prevent fraudulent tax filings. File your taxes early to outpace potential fraudsters. You can get an IP PIN by visiting the IRS official website.

Identity theft protection: Identity theft companies can monitor personal information like your Social Security Number (SSN), phone number and email address and alert you if it is being sold on the dark web or being used to open an account.  They can also assist you in freezing your bank and credit card accounts to prevent further unauthorized use by criminals. 

One of the best parts of using some services is that they might include identity theft insurance of up to $1 million to cover losses and legal fees and a white glove fraud resolution team where a U.S.-based case manager helps you recover any losses. See my tips and best picks on how to protect yourself from identity theft.

Kurt’s key takeaways

Getting your phone hacked is a sobering reminder of how vulnerable we are these days. Yet, the experience doesn’t have to be catastrophic if you act quickly and methodically. Start by addressing the immediate threat of malware, secure your accounts and assets, and implement proactive measures to prevent future breaches. Think of these steps as your digital emergency kit — essential tools to help you regain control when things go wrong. Remember, your digital security is only as strong as the precautions you take today.

Have you ever experienced a phone hack or dealt with a cybersecurity breach? Share your story, your questions or the steps you took by writing us at Cyberguy.com/Contact

For more of my tech tips and security alerts, subscribe to my free CyberGuy Report Newsletter by heading to Cyberguy.com/Newsletter

Ask Kurt a question or let us know what stories you’d like us to cover.

Follow Kurt on his social channels:

Answers to the most-asked CyberGuy questions:

New from Kurt:

Copyright 2024 CyberGuy.com. All rights reserved.