Your Phone Is Hacked: What Do I Do?
This guide is used by Australian IT professionals to respond to real hacked-phone emergencies. Follow the steps in order. Most cases are fixable.
If you believe your phone has been compromised, acting quickly and calmly is critical. These are the immediate steps you must take. Based on Your IT and Tech Mates' extensive experience handling real IT support and cyber cases, we created this definitive, 8-phase recovery plan specifically for Australians. To protect yourself, ensure you secure your phone and accounts step by step. Follow every step in order, as speed is critical to protecting your finances and identity from cybercrimes.
Professional Recovery Guide Provided Free
This step-by-step roadmap contains the exact incident response protocols used by Australian cybersecurity consultants charging $250+/hr. We provide it free to help our Epping & Wollert neighbors stay safe.
Who This Emergency Guide Is For
Prepared using real incident response workflows followed by Australian IT professionals.
- Australians who believe their phone has been hacked or compromised
- People seeing unusual battery drain, pop-ups, or unknown apps
- Seniors, parents, or non-technical users needing clear steps
- Anyone worried about banking, myGov, or identity theft
Phase 1: The First 5 Minutes (Stop the Bleeding)
If my phone is hacked, the hacker is likely using your data connection to "talk" to your device (exfiltrate data or receive commands). Therefore, you must cut the cord immediately.
-
✈️Activate Airplane Mode Immediately
Switch it on immediately. This is the fastest way to cut all Wi-Fi, Cellular, and Bluetooth connections, stopping remote access and data transfer. Your phone can still be used offline for reference.
-
🔍The "Spy App" Audit
Look for any unknown apps, especially legitimate-looking remote access tools like AnyDesk, TeamViewer, or Zoho Assist. Scammers use these for screen sharing. If you didn't install them, delete them instantly.
-
📵Kill the Secret Forwarding
Open your phone dialer. Dial *#21# to check if your calls/SMS are being forwarded. Then, dial ##002# to cancel all redirections. This prevents hackers from intercepting 2FA codes.
Find Your Local Repair Experts
Visit our closest service hub for an honest assessment and quick turnaround. Local guidance for Epping and Wollert residents is available through our professional computer security assessment and professional phone security assessment . We focus on real device condition — not upselling or unnecessary replacements.
How do I know if I’m a victim of a cybercrime?
Cybercrime is often subtle. If you notice even two or more of these warning signs, your identity or finances could be at risk.
-
🔐Locked out of accounts
Your passwords suddenly stop working for email, social media, or banking.
-
💰Mystery bank activity
Strange withdrawals or small "test" purchases appear on your statement.
-
📨Spam explosion
A sudden flood of emails and texts for services you never signed up for.
-
🏛️Fake "Official" alerts
Pushy messages pretending to be from the ATO, myGov, or your bank.
-
📬Missing bills
Your physical utility or phone bills stop arriving in your letterbox.
-
💳Unknown debt
You are contacted by debt collectors or rejected for credit unexpectedly.
-
⚡Glitchy devices
Your phone is crashing, overheating, or opening programs by itself.
-
🎁Surprise benefits
A notification arrives about a government payout you never applied for.
-
👤Social media ghosts
Posts, comments, or messages appear on your profile that you didn't write.
-
📢Data breach alerts
Official emails confirming your data was leaked in a company hack.
Your Tech Mate Tip: If you are seeing these signs, don't panic. Most local cases in the Northern Suburbs are recoverable if caught early. Follow the phases below or call us for an emergency security audit.
Phase 2: Secure Your Finances (The Hour of Protection)
Use a trusted, separate device (a desktop computer or a friend's phone) to perform these actions while your compromised phone remains in Airplane Mode.
Australian Identity
Your Medicare, ATO data, and personal documents are major targets. Do not delay these calls:
IMPORTANT: State clearly that your phone was compromised so they can flag your identity immediately.
Phase 3: Optional Step: Consult Your IT or Tech Mates
Before proceeding to the nuclear option (Phase 4), you may want to quickly consult a trusted tech-savvy friend or your workplace IT department (if applicable and using a separate, clean device).
-
🤝What to Ask Your Consultant
Ask them to verify if any banking/email backdoor configurations were successfully implemented by the hacker. They may be able to spot subtle account changes you missed during Phase 2.
-
⚠️The Hard Truth
While an expert might confirm the hack, a full factory reset (Phase 4) remains the most secure method of sanitizing the device. Do not let them talk you out of the reset unless they can physically verify the device is clean.
Phase 4: The Deep Clean (Removing the Malware)
Admittedly, resetting your phone is tedious, but it is the only way to be 100% sure the hack is dead. A factory reset wipes the entire operating system partition, removing all lingering malware.
Plug into a PC. Drag the DCIM (Photos/Videos) folder off manually. Export contacts to a CSV file. Do not use a full cloud backup, as it may re-install the malware.
Go to Settings > Erase All Data / Factory Reset. This wipes the entire internal storage. Ensure your device is connected to power during this process. This permanently removes the hacker's access.
Do not restore from an old backup. Skip the backup restore prompt entirely. Download your apps manually one by one directly from the official Google Play or Apple App Store.
Phase 5: The Backdoor Audit & Security Hardening
Hackers often leave "secret rules" in your digital accounts to spy on you *after* you have cleaned your device. Use a trusted computer to check these critical settings:
Go to Settings > Forwarding (Gmail/Outlook). Delete any unknown email addresses. Also, check Filters for rules that automatically delete emails from your bank or myGov.
In Google/Apple/Microsoft account security settings, find 'Security' or 'Devices'. Select the option to Sign out of all devices. This kicks the hacker out of all your accounts.
Change passwords for your bank, email, myGov, and social media. Use a strong, unique password for each, ideally using a password manager.
Phase 6: Official Verification & Legal Reporting
Once your immediate financial and device security is handled, you must verify the incident against official government facts and report it to the relevant Australian agencies. Our recovery workflows at Your IT and Tech Mates are aligned with the Australian Cyber Security Centre (ACSC) incident response guidelines.
Step 1: Get the Official Facts
Before reporting, verify the specific type of breach using the Act Now Stay Secure fact sheets. This helps you provide accurate info to the police.
View Official Fact Sheets (Gov.au) →Use the official portal for all cybercrime types including hacking, identity theft, and online fraud.
ReportCyber Portal →Report the scam mechanism (e.g., the fake email, the dodgy call) to the National Anti-Scam Centre via Scamwatch.
Report to Scamwatch →If the hack started with unsolicited phone calls or text messages, report them here.
Report to ACMA →Professional Service Value
What an Australian Cyber Consultant would charge you
Cybersecurity is one of the most expensive services in the Australian IT industry. Most specialized firms in Melbourne and Sydney charge minimums of $250 to $350 per hour for emergency incident response.
Immediate lockdown of banking and critical credentials.
2-hour manual review of account rules, MFA, and device history.
Professional malware scanning and OS security hardening.
Guidance on ACSC, Scamwatch, and legal documentation.
Total Market Value: $1,150+
You can save over $1,100 by following this DIY guide today.
Phase 7: Long-Term Recovery & Monitoring
The recovery phase is about preventing future attacks and dealing with potential identity theft.
-
🛡️Implement Two-Factor Authentication (2FA)
Enable 2FA on every critical account (especially email and bank). Crucially, use an authenticator app (like Google Authenticator or Authy) instead of SMS.
-
📜Credit Report Lock
Consider placing a credit freeze or monitoring on your credit file with agencies like Equifax, Experian, or Illion to prevent criminals from opening new accounts in your name.
Frequently Asked Questions: My Phone Is Hacked
How do I know if my phone is hacked?
Common signs include fast battery drain, overheating when idle, random pop-ups or ads, apps you don’t remember installing, messages sent without your knowledge, or unusual account alerts. One symptom alone doesn’t always mean hacking — multiple signs together are a strong warning.
What is the first thing I should do if my phone is hacked?
Immediately turn on Airplane Mode. This cuts off Wi-Fi, mobile data, and Bluetooth, stopping remote access and data theft. Do not reset your phone or install security apps until you secure your accounts first.
Should I factory reset my phone if it’s been hacked?
Yes — but only after securing your email, banking, and identity accounts. A factory reset is the most reliable way to remove malware, but doing it too early can allow attackers to regain access through linked accounts or backups.
Can a hacker still access my phone after a factory reset?
If the phone is set up as new and not restored from an old backup, the malware itself is removed. However, hackers can still access your accounts if passwords, email forwarding rules, or active sessions were not secured beforehand.
Is it safe to use antivirus or phone cleaner apps?
Be cautious. Many “cleaner” or “security” apps are ineffective or malicious themselves. On mobile devices, factory resetting and account security is far more effective than relying on third-party scanner apps.
Can hackers steal money just from my phone?
Yes. Phones often provide access to banking apps, email password resets, SMS codes, and authentication apps. This is why securing financial accounts and identity services is critical in the first hour.
Do I need to report a hacked phone in Australia?
Yes. You should report the incident to ReportCyber (ACSC) and Scamwatch (ACCC), especially if financial loss, identity theft, or scams are involved. Reporting helps protect you and others.
Can Your IT and Tech Mates help if this feels overwhelming?
Yes. If you’re unsure about resets, account security, or hidden backdoors, Your IT and Tech Mates can guide you through the process calmly and safely, ensuring nothing critical is missed.
Phase 8: Comprehensive Mental Health & Community Support
Cybercrime is deeply stressful. You are not alone. These services offer free, confidential support for emotional, legal, and identity-related harms.
Crisis & Emotional Support (24/7)
Specialized Cyber & Abuse Support
Need Expert Guidance? Talk to Your Tech Mates
If the thought of the factory reset or finding hidden backdoors is overwhelming, don't panic. Our experts specialize in emergency recovery for Australians.
Pre-Reset Audit: We check for specific, critical backdoors before you wipe, ensuring you've gathered all necessary evidence.
Post-Recovery Hardening: We walk you through Phase 5, 6, 7 and 8, setting up non-SMS 2FA and ensuring your accounts are locked down properly.
Computer & Laptop Repairs Melbourne North
Fast Epping & Wollert Tech Support You Can Trust
Providing reliable tech support across Melbourne North. From emergency laptop fixes to NDIS technology assistance, we are your local experts.
Computer & Laptop Repairs
Specializing in laptop screen and hinge repairs, battery replacements, and hardware upgrades.
View Epping Repair Guide →Phone Repairs
From trusted iPhone repairs to Android screen fixes. We help you decide to repair or replace.
Epping & Wollert Phone Fix →Security & Recovery
Think your phone is hacked? We provide virus removal and help secure your accounts.
Our Local Service Areas
Ready to fix your tech?
Book a local Epping & Wollert technician for same-day support.
WhatsApp a Technician Now