Your Phone Is Hacked: What Do I Do?
This guide is used by Australian IT professionals to respond to real hacked-phone emergencies. Follow the steps in order. Most cases are fixable.
If you believe your phone has been compromised, acting quickly and calmly is critical.These are the immediate steps you must take. Based on Your IT and Tech Mates' extensive experience handling real IT support and cyber cases, we created this definitive, 8-phase recovery plan specifically for Australians. Follow every step in order, as speed is critical to protecting your finances and identity from cybercrimes.
Who This Emergency Guide Is For
Prepared using real incident response workflows followed by Australian IT professionals.
- Australians who believe their phone has been hacked or compromised
- People seeing unusual battery drain, pop-ups, or unknown apps
- Seniors, parents, or non-technical users needing clear steps
- Anyone worried about banking, myGov, or identity theft
Phase 1: The First 5 Minutes (Stop the Bleeding)
If my phone is hacked, the hacker is likely using your data connection to "talk" to your device (exfiltrate data or receive commands). Therefore, you must cut the cord immediately.
-
✈️Activate Airplane Mode Immediately
Switch it on immediately. This is the fastest way to cut all Wi-Fi, Cellular, and Bluetooth connections, stopping remote access and data transfer. Your phone can still be used offline for reference.
-
🔍The "Spy App" Audit
Look for any unknown apps, especially legitimate-looking remote access tools like AnyDesk, TeamViewer, or Zoho Assist. Scammers use these for screen sharing. If you didn't install them, delete them instantly.
-
📵Kill the Secret Forwarding
Open your phone dialer. Dial *#21# to check if your calls/SMS are being forwarded. Then, dial ##002# to cancel all redirections. This prevents hackers from intercepting 2FA codes.
Find Your Local Repair Experts
Visit our closest service hub for an honest assessment and quick turnaround. Local guidance for Epping and Wollert residents is available through our professional computer security assessment and professional phone security assessment . We focus on real device condition — not upselling or unnecessary replacements.
Phase 2: Secure Your Finances (The Hour of Protection)
Use a trusted, separate device (a desktop computer or a friend's phone) to perform these actions while your compromised phone remains in Airplane Mode.
Australian Identity
Your Medicare, ATO data, and personal documents are major targets. Do not delay these calls:
IMPORTANT: State clearly that your phone was compromised so they can flag your identity immediately.
Phase 3: Optional Step: Consult Your IT or Tech Mates
Before proceeding to the nuclear option (Phase 4), you may want to quickly consult a trusted tech-savvy friend or your workplace IT department (if applicable and using a separate, clean device).
-
🤝What to Ask Your Consultant
Ask them to verify if any banking/email backdoor configurations were successfully implemented by the hacker. They may be able to spot subtle account changes you missed during Phase 2.
-
⚠️The Hard Truth
While an expert might confirm the hack, a full factory reset (Phase 4) remains the most secure method of sanitizing the device. Do not let them talk you out of the reset unless they can physically verify the device is clean.
Phase 4: The Deep Clean (Removing the Malware)
Admittedly, resetting your phone is tedious, but it is the only way to be 100% sure the hack is dead. A factory reset wipes the entire operating system partition, removing all lingering malware.
Plug into a PC. Drag the DCIM (Photos/Videos) folder off manually. Export contacts to a CSV file. Do not use a full cloud backup, as it may re-install the malware.
Go to Settings > Erase All Data / Factory Reset. This wipes the entire internal storage. Ensure your device is connected to power during this process. This permanently removes the hacker's access.
Do not restore from an old backup. Skip the backup restore prompt entirely. Download your apps manually one by one directly from the official Google Play or Apple App Store.
Phase 5: The Backdoor Audit & Security Hardening
Hackers often leave "secret rules" in your digital accounts to spy on you *after* you have cleaned your device. Use a trusted computer to check these critical settings:
Go to Settings > Forwarding (Gmail/Outlook). Delete any unknown email addresses. Also, check Filters for rules that automatically delete emails from your bank or myGov.
In Google/Apple/Microsoft account security settings, find 'Security' or 'Devices'. Select the option to Sign out of all devices. This kicks the hacker out of all your accounts.
Change passwords for your bank, email, myGov, and social media. Use a strong, unique password for each, ideally using a password manager.
Phase 6: Official Reporting & Support (Government Agencies)
Once your immediate financial and device security is handled, you must report the incident to the relevant Australian agencies.
Use the official portal for all cybercrime types including hacking, identity theft, and online fraud.
ReportCyber Portal →Report the scam mechanism (e.g., the fake email, the dodgy call) to the National Anti-Scam Centre via Scamwatch.
Report to Scamwatch →If the hack started with unsolicited phone calls or text messages, report them here.
Report to ACMA →Phase 7: Long-Term Recovery & Monitoring
The recovery phase is about preventing future attacks and dealing with potential identity theft.
-
🛡️Implement Two-Factor Authentication (2FA)
Enable 2FA on every critical account (especially email and bank). Crucially, use an authenticator app (like Google Authenticator or Authy) instead of SMS.
-
📜Credit Report Lock
Consider placing a credit freeze or monitoring on your credit file with agencies like Equifax, Experian, or Illion to prevent criminals from opening new accounts in your name.
Frequently Asked Questions: My Phone Is Hacked
How do I know if my phone is hacked?
Common signs include fast battery drain, overheating when idle, random pop-ups or ads, apps you don’t remember installing, messages sent without your knowledge, or unusual account alerts. One symptom alone doesn’t always mean hacking — multiple signs together are a strong warning.
What is the first thing I should do if my phone is hacked?
Immediately turn on Airplane Mode. This cuts off Wi-Fi, mobile data, and Bluetooth, stopping remote access and data theft. Do not reset your phone or install security apps until you secure your accounts first.
Should I factory reset my phone if it’s been hacked?
Yes — but only after securing your email, banking, and identity accounts. A factory reset is the most reliable way to remove malware, but doing it too early can allow attackers to regain access through linked accounts or backups.
Can a hacker still access my phone after a factory reset?
If the phone is set up as new and not restored from an old backup, the malware itself is removed. However, hackers can still access your accounts if passwords, email forwarding rules, or active sessions were not secured beforehand.
Is it safe to use antivirus or phone cleaner apps?
Be cautious. Many “cleaner” or “security” apps are ineffective or malicious themselves. On mobile devices, factory resetting and account security is far more effective than relying on third-party scanner apps.
Can hackers steal money just from my phone?
Yes. Phones often provide access to banking apps, email password resets, SMS codes, and authentication apps. This is why securing financial accounts and identity services is critical in the first hour.
Do I need to report a hacked phone in Australia?
Yes. You should report the incident to ReportCyber (ACSC) and Scamwatch (ACCC), especially if financial loss, identity theft, or scams are involved. Reporting helps protect you and others.
Can Your IT and Tech Mates help if this feels overwhelming?
Yes. If you’re unsure about resets, account security, or hidden backdoors, Your IT and Tech Mates can guide you through the process calmly and safely, ensuring nothing critical is missed.
Phase 8: Comprehensive Mental Health & Community Support
Cybercrime is deeply stressful. You are not alone. These services offer free, confidential support for emotional, legal, and identity-related harms.
Crisis & Emotional Support (24/7)
Specialized Cyber & Abuse Support
Need Expert Guidance? Talk to Your Tech Mates
If the thought of the factory reset or finding hidden backdoors is overwhelming, don't panic. Our experts specialize in emergency recovery for Australians.
Pre-Reset Audit: We check for specific, critical backdoors before you wipe, ensuring you've gathered all necessary evidence.
Post-Recovery Hardening: We walk you through Phase 5, 6, 7 and 8, setting up non-SMS 2FA and ensuring your accounts are locked down properly.
Your IT and Tech Mates – Fast, Fair & Local Tech Support You Can Trust
Your IT and Tech Mates provides reliable, easy-to-understand tech support for homes, seniors, small businesses, and NDIS participants across Melbourne’s north. We repair and support computers, laptops, Apple iMacs & MacBooks, tablets, mobile phones, and gaming consoles, covering both hardware and software issues.
Our services include professional computer repairs across Melbourne North, fast and affordable phone repairs across Melbourne North, laptop screen and power repairs, virus removal, data recovery, system upgrades, and Wi-Fi and internet troubleshooting.
We also help customers stay safe online with phone and device security checks. If you’re worried about suspicious activity, pop-ups, or scams, our technicians can assess your device and guide you through what to do if your phone may be hacked.
Additional services include gaming console repairs, CCTV installation, and secure home and business network setup.
Your IT and Tech Mates proudly offers friendly, patient tech help for seniors, including device setup, email support, scam protection, and one-on-one guidance designed to build confidence and independence.
We are also a trusted provider of NDIS technology support, offering NDIS computer repairs and NDIS phone repairs to help participants stay connected and supported.
For growing businesses, we deliver managed software development, digital transformation services, and AI automation solutions to improve efficiency, security, and scalability.
All services are delivered through TheFixers.APP – your local neighbourhood technician referral network – connecting you directly with trusted professionals, without call centres or confusion.
Fast response. Clear pricing. Local experts.