How to tell if your phone has been cloned

With our ever-increasing reliance on smartphones, a lot of personal and private information is stored on them. Besides personal pictures and messages, you don’t want others to see your important banking and other financial info. So it goes without saying that keeping our devices safe and secure is essential. And while device makers have made it harder for malicious actors, vulnerabilities pop up surprisingly often. Here’s how to tell if your phone has been cloned.

What is phone cloning? SIM Swap attacks explained

Phone cloning isn’t as simple as some spy movies might make it seem, but it is a genuine concern for any smartphone user. There are two ways a malicious actor can clone your phone. The first is to copy your phone’s SIM card data and IMEI (International Mobile Equipment Identity) information to duplicate your smartphone on another device. They can make calls and send messages for phishing scams, access one-time banking, and other account passwords, or make expensive calls to premium-rate numbers.

Another type of phone cloning is where someone can copy or access your phone’s data. A few legal spy apps are available for parents to monitor their child’s phone activity. But for the most part, a hacker can install malicious apps on your phone through malware. So it’s important to never let your phone end up in the hands of someone you don’t trust. We’d recommend setting up a secure password or PIN so only you can get past the lockscreen.

You may fall victim even if an attacker never gets physical access to your smartphone. In what’s known as a SIM swap attack, a malicious person could impersonate your identity and ask your carrier to reissue a new SIM card. They can then use this SIM card to send and receive text messages, which may unlock access to online services like banking and email.

Likewise, there’s a lot hackers can do after malware is installed on your phone. Keyloggers let them see everything you type on your phone, like account login information. They might also be able to access private documents, photos, and videos and leak them, try and scam friends, family, and other contacts, or install ransomware on your devices.

How to tell if your phone has been cloned

Check your phone for malware

There are several ways you can tell if your phone has malware. The most obvious issue to watch out for is performance problems. Your phone might suddenly become sluggish or crash and freeze often. You might also notice rapid battery drain and overheating issues. Of course, software bugs and other glitches might cause these issues. You should check out our guides to speed up your smartphone and fix Android battery drain issues.

In the case of malware, look for behavior beyond what a software bug might cause. To a point where your phone is almost unusable. A noticeable increase in pop-up ads, strange emails, and weird text messages are also signs of a malware-ridden phone.

You can check your device for malware and go through the phone’s app list (go to Settings > Apps) and look for apps you don’t recognize. If you see suspicious apps that you can’t get rid of, your only option might be to reset the phone completely.

Unusual calls on your phone bill mean your phone has been cloned

If you’ve fallen victim to SIM-card cloning, look for unusual calls and charges on your phone bill. The hacker will use your phone to make expensive calls to international or premium-rate numbers or rack up high data charges if you don’t have an unlimited data plan. More malicious actors might use your phone number for criminal activities and cause the authorities to come after you.

Your phone bill will have an itemized list of all the phone numbers you’ve called or received calls from. Ensure you check your account for unusual activity every month to avoid serious problems.

Getting messages to restart your phone

Phone cloners might need a short period of time while your phone is off to set up their own duplicate devices. Be wary of sudden messages and emails asking you to turn off or restart your phone. Since restarting your phone is a common troubleshooting step, check that you receive the request from an authorized service center. In extreme situations, you might have to cancel your account and get a new phone number.

Not receiving texts or calls

Someone might have cloned your phone if you notice that you aren’t receiving text messages or phone calls. You will usually get a “No SIM card” error or problems with mobile data not working if it’s a network problem or an issue with the SIM card or phone hardware. If you cannot fix the error, contact your service provider immediately. You will likely need a new SIM card, but it might also be a phone cloning issue.

Find My Device shows an inaccurate location

If someone has cloned your phone’s IMEI, you will see a wrong or second location using the Find My Device app. Go to Find My Device if you have an Android device linked to your Google account and check the location. Apple, Samsung, and some other OEMs have their own apps, and there are some excellent third-party phone locating options as well. If you see a second location on these apps, someone has cloned your phone.

What to do if you discover your phone has been cloned

If you believe one of the above attacks may have happened to you, don’t worry. All hope is not lost yet. Follow these tips to secure your phone and number:

1. Call your cell provider: If you’re no longer receiving phone calls or SMS, someone may have cloned your SIM card. Simply call your service provider and ask if they received a request to activate your number recently. If so, you can report the request as fraudulent and ask the carrier for next steps. Let them know you’re a victim of a SIM swap attack, they should have protocols in place to sort you out.
2. Change your passwords: If an attacker has cloned your device, it goes without saying that you should change your passwords. Changing your passwords will also log you out of your accounts on all devices, including any cloned ones. We recommend using a password manager so that you don’t reuse the same passwords across multiple apps or websites. Password reuse is an easy way for an attacker to get access to all of your accounts with a single leak or security breach.
3. Factory reset your device: It’s possible that the attacker used malware embedded inside an app or email attachment to infect your device. In that case, factory resetting your device should clear the malware.
4. Disable SMS logins (bonus): This one won’t help you recover from a cloned phone, but it’s good advice nonetheless. If any of your online accounts use SMS as a recovery method, you should disable it immediately. For a more secure alternative, enable app-based two-factor authentication instead.

FAQs