What to Do If Your Phone Is Hacked: Step by Step Guide

Published March 1, 2026 | By Digital Evidences

Discovering that your phone may have been hacked is alarming, but your immediate response can make a significant difference in limiting the damage and preserving evidence for potential legal action. Whether someone installed spyware on your device, accessed your accounts without authorization, or compromised your phone through a phishing attack, this step-by-step guide will help you respond effectively.

Signs Your Phone May Be Hacked

Before taking action, it helps to identify the warning signs of a compromised device. Common indicators include unusual battery drain that exceeds normal usage patterns, unexplained data consumption, your phone running noticeably slower than usual, strange apps appearing that you did not install, unexpected pop-ups or redirects, your phone making calls or sending messages on its own, and accounts showing activity that you do not recognize. If you notice one or more of these signs, take the following steps immediately.

Step 1: Do Not Factory Reset

Your first instinct may be to wipe your phone clean, but this is the worst thing you can do if you need evidence. A factory reset destroys the forensic artifacts that could identify who hacked your phone, how they did it, and what data they accessed. If you are considering legal action or need to file a police report, preserving the evidence on the device is essential.

Step 2: Disconnect from the Internet

Put your phone in airplane mode immediately. This prevents the attacker from continuing to access your device remotely, stops any spyware from transmitting your data, and preserves the current state of the device for forensic examination. Keep the phone powered on but disconnected from all networks including Wi-Fi, cellular data, and Bluetooth.

Step 3: Change Your Passwords from Another Device

Using a trusted computer or another phone, change the passwords for your most critical accounts: email, banking, social media, and any other accounts linked to the compromised phone. Enable two-factor authentication on all accounts that support it. Start with your email account, as it is typically the recovery method for all other accounts.

Step 4: Contact a Digital Forensics Professional

A certified digital forensics examiner can perform a thorough analysis of your device to determine the nature and extent of the compromise. Using tools like Cellebrite UFED, a forensic professional can extract a complete image of your phone's data, including hidden spyware, unauthorized applications, and system-level modifications that would not be visible through normal use.

Oxygen Forensics Detective provides additional capabilities for analyzing the extracted data, including identifying network connections made by malicious applications, recovering deleted communications that may have been exfiltrated, and documenting the timeline of the intrusion. This forensic report can serve as evidence for law enforcement investigations or civil litigation against the perpetrator.

Step 5: File a Report

Contact your local police department to file a report about the unauthorized access to your device. If the hack involved financial fraud, also contact your bank and credit card companies. In the United States, you can report cybercrime to the FBI's Internet Crime Complaint Center. Having a forensic report from a qualified examiner significantly strengthens any report you file.

Step 6: Secure Your Device Going Forward

After the forensic examination is complete and evidence has been preserved, work with your forensics professional to clean or replace your device. Update your operating system to the latest version, install reputable security software, review app permissions carefully, and avoid clicking links from unknown sources. Consider using a password manager and enabling biometric authentication for an additional layer of security.