This article was reviewed by Luigi Oppido and by wikiHow staff writer, Nicole Levine, MFA. Luigi Oppido is the Owner and Operator of Pleasure Point Computers in Santa Cruz, California. Luigi has over 25 years of experience in general computer repair, data recovery, virus removal, and upgrades. He is also the host of the Computer Man Show! broadcasted on KSQD covering central California for over two years.
There are 9 references cited in this article, which can be found at the bottom of the page.
This article has been fact-checked, ensuring the accuracy of any cited facts and confirming the authority of its sources.
This article has been viewed 168,019 times.
Were you the target of a phone number cloning or SIM swapping scam? You're not alone—phone cloning and other violating forms of phone hacking is far too common. But don't worry—we're here to help you regain control of your phone. This wikiHow article will show you signs that your phone or SIM card is cloned, help you reverse the damage, and teach you how to stay safe from the most common forms of cellular fraud.
Reversing a Phone Cloning
- Contact your mobile carrier to report your phone being cloned. Ask them to disconnect your current phone number and SIM card and do a factory reset of your phone.
- Change all of your passwords and check your phone bill and bank account for any unauthorized charges.
- Report the phone cloning to your local police department and the federal fraud bureau, and place a fraud alert with Experian, TransUnion, or Equifax.
Steps
Signs Your Phone or SIM is Cloned
-
You suddenly can't use your phone. If someone cloned your SIM card or swapped it to their own phone, you often won't be able to make or receive calls or texts (other than calling 911 or SOS) because the hacker has control of your phone number.
-
Your phone appears to be somewhere else. If you've set up Find My iPhone on your iPhone or Find My Device on your Android, your phone might be showing up in a very different location.
- You can check the location of your phone using a web browser on any computer:
- Android: https://www.google.com/android/find
- iPhone: https://www.icloud.com/find
Advertisement - You can check the location of your phone using a web browser on any computer:
-
You see unauthorized calls or activity on your phone bill. If someone cloned your phone number or SIM card, they could be using your phone number to make calls and run up your phone bill in the process.[1]
-
Your provider contacts you about recent changes. If someone conned your carrier into porting your number to a different SIM card, you might receive an email or text confirmation that says your SIM was updated. They may also contact you to ask if you've been traveling abroad.
-
You received a text asking you to restart your phone. This might happen if someone cloned your SIM card—once your device is off, the hacker would be able to steal your phone number.
-
Your voicemails are disappearing. If you knew you had voicemail but the messages are no longer available, someone else might be checking your voicemail.
How to Unclone Your Phone
-
Contact your mobile carrier. Before you do anything else, contact your mobile phone provider to report that your phone number is compromised.[2] Let them know what happened, and ask them to immediately disconnect your current phone number and SIM card and issue you a new one.
-
Change your passwords. Don't use your cloned phone to do this, just in case there's spyware on your phone. Log in to your computer, and reset the passwords for your bank, Apple ID, Google account, email address, and social media services.
-
Check your phone bill and bank account for unauthorized charges. If someone cloned your phone number and/or SIM card, they may have been able to run up your phone bill or make purchases with your account information. Contact the fraud department at your bank or phone company to dispute unauthorized charges as soon as possible.[3]
-
File a police report. Contact your local police department to file an official report. Not only does this prompt an investigation, but your bank or mobile phone provider might need a police report to refund you for unauthorized charges.[4]
-
Place a fraud alert on one of the three major credit reporting bureaus. If you believe someone might have access to your personal information, create a fraud alert with Experian, TransUnion, or Equifax to make it more difficult for anyone to open new accounts in your name.[5]
-
Report identity theft to your federal fraud bureau. If your country has an official identity theft and fraud department, you can report the incident by phone or on the web. Some nations that have official reporting bureaus:
- Australia & New Zealand: Visit https://www.idcare.org or call ID Care at 1800 595 160 (Australia) / 0800 121 068 (New Zealand).
- Canada: Report online at https://antifraudcentre-centreantifraude.ca/ or by phone at 1-888-495-8501.
- UK: Visit https://www.actionfraud.police.uk/ or call 0300 123 2040. If abroad, dial +44 300 123 2040.
- United States: File a report online at https://www.identitytheft.gov or call 1-877-438-4338.
-
Do a factory reset of your phone. Whether you have an iPhone or Android phone, you'll want to erase everything on your phone and restore it to its original factory settings in case the perpetrator installed spyware on your phone. Once you do this, you can place your new SIM card into the phone and set it up as new.
Types of Phone Cloning & Attacks
-
SIM swapping. SIM swapping, also known as SIM jacking, occurs when an unauthorized person convinces your mobile carrier's support team to transfer your phone number to their phone and SIM card.[6] This disconnects your phone number from your own phone and allows the hacker to receive your phone calls and text messages, as well as make calls and send texts as you.
- If a hacker successfully gets a hold of your phone number, they can then reset your passwords and access any of your accounts that require two-factor authentication, including your online banking service.
-
SIM cloning. The goal of SIM cloning is mostly the same as SIM swapping (gaining control of your phone number and accounts) but requires the hacker to have physical access to your phone. If the hacker can remove your SIM card, they don't have to contact your carrier to gain control of your phone number—they can just insert your SIM card into a card reader that makes an exact clone.[7] What happens next depends on the hacker's motives:
- The hacker can put the cloned SIM into their own phone, restart your phone, and then take control of your phone number the moment your phone turns off. The hacker can then receive your phone calls and texts, just as they would with a SIM swap.
- The hacker also has access to all data on the card, including your call history and saved contacts (if you save this information to your SIM card).
- Depending on the software the hacker is using, they may skip stealing your phone number and instead use the cloned SIM to spy on your future text messages, voice calls, and location without you knowing.
-
Spyware monitoring apps. If a hacker installs spyware on your phone, they can use it to monitor everything you do. Hackers can trick you into installing spyware on your own phone in many ways, including by getting a hold of your phone when you're not looking, contacting you pretending to be technical support, or by sending you a phishing text or email that tricks you into sharing your password.[8]
-
Phone cloning. The purpose of phone cloning is usually to commit fraud from your phone number, whether it be to make free phone calls or cover their own tracks to commit crimes.[9] Hackers can clone phones without hacking into them or gaining physical access—they'll just need to be close enough to the phone to use a radio wave monitoring device that can intercept its ESN and MIN number.
- Now that most cell phone providers run on digital networks, it's much more difficult for people to clone phones than it used to be.
Prevent Phone Cloning
-
Set up a PIN with your mobile phone provider. When you set up a difficult-to-guess verbal PIN with your provider, you'll be required to say or enter the PIN each time you call for assistance. This can prevent someone who doesn't know your PIN from gaining access to your account over the phone.[10]
- Don't use a password like your birthdate, social security number, or address. This information often appears in data breaches and is easy to guess.
-
Keep your phone's IMEI private. Be skeptical of services that asks you to enter your IMEI number through a web form—if someone has your IMEI, they might be able to use that information to convince your provider to give them your phone number.
-
Watch out for phishing attempts and scams. People can gain access to your phone by tricking you into divulging personal information over the phone, via text or email, or by getting you to sign in to fake websites with your account information. Avoid clicking suspicious links or giving personal information to people who contact you randomly—they might not be who they say they are.[11]
-
Set up two-factor authentication using an app, not SMS. If you use two-factor authentication when signing into your accounts (and you should), opt to use an authentication app like Google Authenticator, Authy, Duo, or Microsoft Authenticator instead of receiving a code via SMS.[12]
-
Put a password on your SIM card. Whether you're using an Android or iPhone, you can add a password to your SIM card that makes it more difficult for people to clone your SIM card, even if they have physical access to your phone.[13]
Expert Q&A
Tips
References
- ↑ https://www.fcc.gov/consumers/guides/cell-phone-fraud
- ↑ https://www.acma.gov.au/what-do-if-your-mobile-number-has-been-stolen
- ↑ https://www.identitytheft.gov/Steps
- ↑ https://www.fcc.gov/consumers/guides/cell-phone-fraud
- ↑ https://www.identitytheft.gov/Steps
- ↑ https://www.fcc.gov/consumers/guides/cell-phone-fraud
- ↑ https://www.fcc.gov/consumers/guides/cell-phone-fraud
- ↑ https://consumer.ftc.gov/articles/how-recognize-and-avoid-phishing-scams
- ↑ https://www.geeksforgeeks.org/what-is-mobile-phone-cloning/