Think your phone is hacked? Start with what changed.

Clicking a suspicious link does not always mean your phone was hacked. The next step depends on what happened after the click: a download, app install, profile prompt, password entry, account alert, pop-up, payment request, or new sign-in.

By ScamClarity Editorial Team

Reviewed by ScamClarity Safety Review

Published May 21, 2026. Updated May 21, 2026.

Most searches for "is my phone hacked" happen after a stressful moment: a scam text link, a fake delivery page, a browser warning, a strange pop-up, an app prompt, a password form, or a security alert. The useful first question is not whether the phone is definitely hacked. It is what changed after the click.

A link click by itself is different from entering a password, sharing a one-time code, installing an app, approving a profile, opening a download, allowing permissions, entering payment details, or giving someone remote access. This page helps you sort those situations without treating every slow phone or spam text as proof of compromise.

Start with what changed

Use the closest match. If more than one happened, start with the one involving credentials, codes, apps, profiles, remote access, or money.

I clicked, but entered nothing

Lower risk

A page opening in the browser does not automatically mean your phone was taken over. The question is whether anything downloaded, installed, or asked for sensitive information.

Close the tab, do not reopen the link to test it, save the message if you may need to report it, and check for any downloads, prompts, or account alerts.

  • Look for a download, app install prompt, profile prompt, or login form.
  • If nothing was entered or installed, focus on reporting and watching for follow-up messages.

Do not keep tapping the link or call a number shown in a pop-up.

I entered a password or one-time code

Act quickly

This is often an account problem more than a phone problem. The person may try to sign in, reset access, or add a new recovery option.

Use the official app or website to change the password, sign out of other sessions, review recovery email and phone, and stop sharing codes.

  • Change reused passwords on other accounts.
  • Check recent sign-ins, connected apps, forwarding rules, and recovery information.

Do not send another code because someone says the first one failed.

A file, app, profile, or permission prompt appeared

Check closely

Downloads and installs matter more than the original click. Unknown apps, profiles, permissions, VPNs, device management settings, or accessibility permissions deserve a direct check.

Do not install anything from the suspicious page. Remove unknown apps or profiles you do not recognize, review permissions, and update the phone and apps from official settings or app stores.

  • On iPhone, check for unfamiliar profiles or VPN/device management entries.
  • On Android, check unknown apps, app permissions, and Play Protect.

Do not install a security app, profile, update, or APK from the suspicious link.

My browser keeps showing pop-ups or redirects

Check closely

A browser pop-up saying your phone has a virus is commonly part of the scam. It may be trying to get you to call a number, install an app, or pay.

Close the tab or browser window, clear the suspicious site from your browser history if needed, and ignore phone numbers or download buttons shown in the pop-up.

  • If pop-ups only happen on one website, the phone itself may not be compromised.
  • If they continue across normal sites, check browser notifications, unknown apps, and permissions.

Do not call the number in a security pop-up or buy a cleanup service from it.

I gave someone remote access

Urgent

Remote access can let the person view screens, guide actions, or access accounts while the session is active. The risk depends on what they saw and what accounts were open.

Disconnect the session, remove the remote-access app if you installed one, change exposed passwords from a trusted device, and contact banks or providers if financial accounts were visible.

  • Save the app name, caller details, messages, and anything they asked you to open.
  • Review recent bank, payment, email, Apple, Google, and social account activity.

Do not reconnect so the person can prove they fixed it.

I entered card, bank, or personal information

Act quickly

This becomes a financial or identity exposure. The phone may not be the main issue, but the information you typed can still be misused.

Contact the bank, card issuer, payment app, or account provider from an official channel. Save the page, message, and transaction details.

  • Watch for follow-up calls or texts using the information you entered.
  • If sensitive identity information was exposed, take steps based on what was shared.

Do not pay a person who claims they can undo the exposure or clean the phone remotely.

Clicking is not the same as being hacked

A suspicious link can lead to a real problem, but the click is only one part of the story. Modern iPhone and Android devices are built to block many automatic installs and known harmful pages. That does not make every click safe; it means the details after the click matter.

If the link was a fake login, delivery, bank, social media, or account page, the main risk may be phishing: the page was trying to make you type a password, code, card number, address, or other information. If the link came through a suspicious text message, the pattern may also fit smishing.

What happened after the click

| Situation | What it usually points to | First check |
| --- | --- | --- |
| The page opened, but you entered nothing | Lower immediate risk, unless something downloaded or installed | Close it and check downloads, apps, profiles, and account alerts |
| You typed a password or code | Account access risk | Change the password and review sign-ins, sessions, and recovery info |
| An app, APK, profile, VPN, or permission was approved | Device/app permission risk | Remove what you do not recognize and review permissions |
| You entered card, bank, or identity information | Financial or identity exposure | Contact the provider and save evidence |
| Someone controlled or guided your phone remotely | Remote-access and account exposure risk | Disconnect, remove the app, and secure exposed accounts |

This is general consumer guidance, not a phone forensic result. A page like this cannot confirm whether a device is compromised.

Signs that matter more

Some signs deserve a closer look because they connect directly to accounts, permissions, apps, money, or device management. Treat these as stronger signals than a slow phone by itself.

  • A login alert, password reset, or two-factor code you did not request.
  • A recovery email, recovery phone number, trusted device, or backup method you do not recognize.
  • Messages, emails, posts, purchases, or payment requests sent from your account that you did not send.
  • A new email forwarding rule, filter, connected app, or account permission you did not add.
  • An unknown app, remote-access app, VPN, device management profile, browser extension, or permission change.
  • A download or app install that happened after the link, especially outside the official app store.
  • Bank, card, payment app, or crypto activity connected to the suspicious page or call.
  • Pop-ups or redirects that continue outside the one suspicious site, especially if paired with unknown apps or permissions.

Signs that can be unrelated

Battery drain, a warm phone, a slow browser, spam texts, a dropped call, a random robocall, or one scary pop-up can happen for reasons that are not a phone hack. They are worth noticing, but they are stronger evidence when paired with account alerts, unknown apps, downloads, profile prompts, remote access, or payment activity.

  • Spam texts after clicking can mean your number is on a list, not necessarily that the phone is controlled.
  • A slow phone can come from storage, old apps, weak signal, background activity, or normal battery wear.
  • One fake virus pop-up is often an ad or scam page trying to make you call or install something.
  • More scam calls after sharing your phone number may reflect information exposure, not device compromise.
  • A website redirect may be tied to the site or ad network, not every app on the phone.

iPhone checks

For iPhone, focus on account access, installed apps, profiles, VPN or device management settings, unwanted calendar subscriptions, and iOS updates. Do not install an app or profile because a website says your phone is infected.

  • Check Settings for your Apple Account name and review devices connected to the account.
  • If you entered your Apple Account password, change it from official Apple settings or account.apple.com and keep two-factor authentication on.
  • Look for unfamiliar apps and remove apps you did not install.
  • Check Settings > General > VPN & Device Management for unfamiliar profiles, VPNs, or device management entries.
  • If strange calendar events appeared, review and remove unwanted calendar subscriptions instead of treating it as proof the phone is hacked.
  • Update iOS from Settings, not from a pop-up or link.
  • If the phone belongs to work or school, check with that administrator before removing a legitimate management profile.

Android checks

For Android, focus on unknown apps, app permissions, apps installed from outside Google Play, Play Protect, browser notifications, Google Account security activity, and Android updates.

  • Open your Google Account security settings and review recent security activity, signed-in devices, recovery options, and third-party access.
  • Use Security Checkup for account recommendations, especially if you typed a Google password or code.
  • Review installed apps and remove apps you do not recognize or did not intentionally install.
  • Review app permissions for sensitive access such as SMS, notifications, accessibility, camera, microphone, location, and files.
  • Check that Play Protect is on and review any warnings about harmful apps.
  • Be especially careful with APK or install prompts from a browser, text, email, or social message.
  • Update Android and apps through official settings and Google Play.
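
For readers who are comfortable using Android's adb tool from a computer, the unknown-app and accessibility checks above can be cross-checked from the command line. The script below is an added example, not part of the original guide: the sample output, the com.example package names, and the trusted-installer list are constructed assumptions.

```python
# Added example: triage adb output for the "Android checks" list above.
# Real input would come from a phone with USB debugging enabled:
#   adb shell pm list packages -i -3
#   adb shell settings get secure enabled_accessibility_services
# Everything in the SAMPLE_* values below is constructed for illustration.
import re

# Assumption: only Google Play counts as a trusted installer.
# Add your phone maker's store package here if you use one.
TRUSTED_INSTALLERS = {"com.android.vending"}

SAMPLE_PACKAGES = """\
package:com.whatsapp  installer=com.android.vending
package:com.example.parceltracker  installer=com.google.android.packageinstaller
package:com.example.remotehelp  installer=null
package:org.mozilla.firefox  installer=com.android.vending
"""
SAMPLE_ACCESSIBILITY = (
    "com.example.remotehelp/.AssistService:"
    "com.google.android.marvin.talkback/.TalkBackService"
)

_LINE = re.compile(r"^package:(\S+)\s+installer=(\S+)$")


def sideloaded(pm_output, trusted=TRUSTED_INSTALLERS):
    """Return {package: installer} for user apps not installed by a trusted store."""
    found = {}
    for line in pm_output.splitlines():
        match = _LINE.match(line.strip())
        if match and match.group(2) not in trusted:
            found[match.group(1)] = match.group(2)
    return found


def accessibility_packages(setting_value):
    """Return the packages that have an enabled accessibility service."""
    value = setting_value.strip()
    if value in ("", "null"):  # nothing enabled
        return set()
    # The setting is a colon-separated list of package/ServiceClass entries.
    return {entry.split("/", 1)[0] for entry in value.split(":") if entry}


def review_list(pm_output, setting_value):
    """List sideloaded apps, those holding accessibility access first."""
    enabled = accessibility_packages(setting_value)
    rows = [(pkg, installer, pkg in enabled)
            for pkg, installer in sideloaded(pm_output).items()]
    rows.sort(key=lambda row: (not row[2], row[0]))
    return rows


if __name__ == "__main__":
    for pkg, installer, has_access in review_list(SAMPLE_PACKAGES, SAMPLE_ACCESSIBILITY):
        note = "ACCESSIBILITY ENABLED" if has_access else "no accessibility service"
        print(f"{pkg:35} installer={installer:40} {note}")
```

An app appearing in this list is a prompt to review it in Settings, not proof of compromise: apps installed by a work administrator or through adb itself also show a non-store installer.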

If you entered a password or code

When a password or one-time code was entered, the priority is the account. The phone may be fine, but the account can still be at risk if the page captured what you typed.

  • Change that password from the real app or website, not from the link.
  • Change the same password anywhere else it was reused.
  • Sign out of other sessions or devices you do not recognize.
  • Review recovery email, recovery phone, backup codes, authenticator apps, and trusted devices.
  • Check email forwarding rules, filters, connected apps, and payment settings.
  • Do not share another code with anyone who contacts you about the incident.

If an app, profile, or remote access was installed

This deserves more attention than a link-only click. Unknown apps, remote-access tools, accessibility permissions, profiles, VPNs, or management settings can change what someone can see or control. If a pop-up or caller told you to install support software, this may overlap with a tech support scam.

  • Disconnect any active screen-sharing or remote-control session.
  • Remove the remote-access app or unknown app you installed for the caller or page.
  • On iPhone, remove unfamiliar profiles or VPN/device management entries that should not be there.
  • On Android, remove apps installed outside trusted sources and review sensitive permissions.
  • Change passwords from a different trusted device if the person could see your screen or accounts.
  • Contact a bank, card issuer, payment app, or work/school IT team if those accounts were open or visible.
  • Factory reset is not the default first step for every click. Consider it only after you have saved key evidence and if trusted support, your employer, or the device maker indicates the device cannot be trusted.

If card, bank, or personal information was entered

At that point, the practical problem may be financial or identity exposure rather than the phone itself. Contact the relevant provider quickly and keep a copy of what happened. If a scammer has sensitive personal details, use the ScamClarity identity exposure guide for the broader identity steps.

  • Card number or bank login: contact the bank, card issuer, or payment provider from the official app, website, or card number.
  • Social Security number, driver's license, passport, or tax information: use official identity-theft resources and consider credit protections based on what was shared.
  • Address, phone, date of birth, or email: expect follow-up calls, texts, and emails that use those details to sound real.
  • Payment sent: save the receipt, transaction ID, recipient details, and messages before contacting the provider.

What not to do now

  • Do not keep clicking the suspicious link to see what happens.
  • Do not install apps, profiles, VPNs, APKs, certificates, or updates from the suspicious page.
  • Do not share one-time codes, passwords, passcodes, recovery keys, or backup codes.
  • Do not call numbers from pop-ups, browser warnings, texts, or emails that claim your phone is infected.
  • Do not pay a recovery service or remote helper that promises to clean the phone or get money back.
  • Do not factory reset before saving key evidence if money, account access, or identity information is involved, unless trusted support tells you it is necessary.
  • Do not assume every slow phone, warm phone, spam text, or battery problem proves hacking.

What to save

Evidence checklist

Save enough detail to explain what happened to an account provider, bank, platform, carrier, FTC, IC3, or trusted support person.

  • Message or link

    Screenshot of the text, email, direct message, ad, pop-up, sender phone number, email address, handle, and visible URL.

  • What happened after the click

    Write down whether a page loaded, a file downloaded, an app installed, a profile prompt appeared, a password or code was entered, or a payment page opened.

  • Account alerts

    Login alerts, password reset emails, new device notices, recovery changes, security codes, and account activity you do not recognize.

  • Apps, profiles, and permissions

    Names of unknown apps, remote-access tools, profiles, VPNs, browser notification permissions, downloads, or settings you changed.

  • Money or personal information

    Transaction IDs, card or bank provider involved, amount, date, time, personal information entered, and support case numbers.

Do not post screenshots publicly without hiding codes, account numbers, addresses, document images, and other private details.

Where to report or get help

ScamClarity is not an official reporting destination and cannot confirm whether a phone is hacked. Use the organization that controls the account, device, payment, or report.

  • Apple Support or your Apple Account settings: use this if your Apple Account, iPhone profiles, calendars, subscriptions, or Apple device list was affected.
  • Google Account help or Android support: use this if your Google Account, Android apps, Play Protect, device list, or recovery information was affected.
  • Bank, card issuer, payment app, or crypto exchange: contact them if card, bank, payment, wallet, or transaction details were entered or shown.
  • FTC ReportFraud: report phishing, text scams, fake support pop-ups, impersonators, and fraud attempts.
  • IdentityTheft.gov: use it if sensitive identity information was exposed or misused.
  • FBI IC3: file a report for internet-enabled fraud, account takeover, larger losses, or organized online crime.
  • Mobile carrier: contact the carrier if your SIM, phone number, SMS forwarding, port-out, or carrier account may be involved.
  • Work or school IT: contact them if the phone, email, app, profile, or account is managed by an employer or school.

Official sources

These sources support the practical guidance in this article. They are listed by purpose rather than as a general bibliography.

Official sources used for this guide

Use the official source that matches the account, device, payment, or report involved.

  • Apple social engineering guidance

    Apple guidance on suspicious messages, fake pop-ups, security codes, Apple Account password changes, unwanted calendar items, and reporting suspicious messages.

  • Apple Account compromise guidance

    Apple Account compromise signs, password reset steps, recovery information checks, trusted devices, and account security basics.

  • Apple profile review guidance

    How to check for and remove unknown configuration profiles, plus caution for work or school managed devices.

  • Apple calendar removal guidance

    How suspicious or unwanted iPhone calendar events can be removed without treating them as proof of full device compromise.

  • Google compromised account guidance

    Steps for account recovery, security activity checks, password changes, sign-in review, and account protection after suspicious access.

  • Google Account security guidance

    Security Checkup, recovery options, 2-Step Verification, third-party access review, updates, and Google Account security recommendations.

  • Google Play Protect guidance

    Android app safety checks, harmful app warnings, permissions review, and protection against apps installed from higher-risk sources.

  • FTC phishing guidance

    How phishing links try to steal passwords, account numbers, Social Security numbers, payment information, or install harmful software.

  • FTC spam text guidance

    How scam texts try to steal personal and financial information, plus reporting through 7726, messaging apps, and ReportFraud.

  • FTC tech support scam guidance

    Remote-access scams, fake security warnings, fake support calls, and payment or personal-information risks.

  • CISA mobile app privacy guidance

    Mobile app permissions, app source checks, updates, unnecessary app removal, and limiting sensitive access.

  • FTC identity theft guidance

    What to do if personal or financial information was exposed or misused, including IdentityTheft.gov recovery plans.

  • FCC unwanted calls and texts complaints

    Consumer complaint options for unwanted texts, spoofing, and phone-number related issues.

  • FBI IC3

    Internet-enabled fraud reporting for account takeover, online scams, and cyber-enabled crime.

FAQ

Can clicking a scam link hack my phone?

Clicking a link does not automatically mean your phone was hacked. Risk goes up if you entered a password or code, approved a sign-in, installed an app, installed a profile, opened a suspicious file, allowed sensitive permissions, entered payment details, or gave remote access.

What if I clicked but entered nothing?

Close the page, avoid reopening it, save the message if you may report it, and check for downloads, app installs, profile prompts, and account alerts. If none of those happened, focus on reporting and watching for follow-up scams.

Do I need to factory reset my phone?

Not as the default first step. A reset may be appropriate in some serious app, profile, remote-access, stalking-app, or managed-device situations, but it can also erase evidence and create extra work. Start by saving evidence, removing unknown apps or profiles, securing accounts, and using trusted support when needed.

What if the page did not load?

If nothing loaded and you entered nothing, the immediate account risk is usually lower. Still save or report the message, avoid retrying the link, and check for any downloads, prompts, or account alerts.

What if I entered my password?

Change that password from the real app or website, change it anywhere else it was reused, sign out of unfamiliar sessions, check recovery options, and review recent account activity.

What if an app or profile installed?

Remove the unknown app or profile, review permissions, update the phone and apps from official settings or app stores, and change passwords from a trusted device if the app or profile may have exposed account activity.

How do I know if my iPhone is hacked?

Look for account alerts, unfamiliar Apple Account devices, unknown apps, unfamiliar profiles or VPN/device management entries, unwanted calendar subscriptions, and changes you did not make. Do not treat one pop-up or slow performance by itself as proof.

How do I know if my Android is hacked?

Look for unknown apps, sensitive permissions you did not approve, Play Protect warnings, unfamiliar Google Account activity, recovery changes, browser notification abuse, or payment/account activity you do not recognize.

What signs matter most?

Account sign-ins, password resets, recovery changes, unknown apps, profiles, remote-access tools, sensitive permissions, payment activity, and messages sent from your account matter more than battery drain or slow performance alone.

What should I report?

Report the scam message, suspicious account activity, unauthorized payment, exposed identity information, or internet-enabled fraud to the provider that can act on it. Use FTC ReportFraud, IdentityTheft.gov, IC3, Apple, Google, your bank, your carrier, or work/school IT depending on what happened.