How to protect my phone from being hacked

Tips for defending your mobile advice against malware, hackers, and other threats

May 24, 2024

Sarah Cantu Headshot
Sarah Cantu

Sarah is a writer and editor who creates white papers, customer stories, and educational pieces for Plaid. Her favorite thing about fintech is that it makes financial awareness more accessible.

From texting loved ones to banking, we rely heavily on our phones. So getting hacked or having your phone stolen can have serious consequences—like being at greater risk of identity theft or losing access to your financial accounts. Taking the right steps to protect your device can defend you against those risks.

The biggest threats to your phone’s security 

Protecting yourself starts with understanding what threats you should be defending yourself against.

Identity theft 

Identity theft is when attackers use stolen identity information like social security numbers to open accounts or commit fraud. Losing your phone or having your personal data exposed in a breach are common risk factors.

Account takeovers 

Account takeovers (ATOs) are when attackers break into your financial accounts using stolen usernames and passwords, locking you out. Attackers may also try credential stuffing which involves trying different credential combinations, often with bots, to access your accounts. 


Phishing is a common scam where attackers use fraudulent websites or messages to steal personal information. Attackers will even trick people into sharing one-time passwords (OTPs) on fake login pages. Then, they use that information to steal identities or take over accounts.

Repackaged and suspicious apps

Repackaged apps are infected versions of legitimate apps that spread mobile malware. But apps don’t have to be repackaged to be untrustworthy. Use caution whenever you download something new, because some apps are designed purely to spread malware or spyware. 

Public Wi-Fi

Public or unknown Wi-Fi networks can also put your sensitive data at risk. When you’re on the same network as an attacker, it's easier for them to see your activity. This is especially true on unencrypted websites. Encryption is the practice of obscuring data so that attackers can’t decode or understand it. You'll know if a website is encrypted if the URL starts with "HTTPS" rather than "HTTP." So make sure you only click on links with HTTPS.


Theft and loss are the most obvious threats to your phone, but they're also some of the most important. Attackers can use the personal data on your phone to take over accounts. Apps often check if users are logging in from a device they’ve used before for security purposes. So when an attacker uses your phone, their activity on your apps will seem less suspicious because the device is familiar. 

Shoulder surfing 

In shoulder surfing, attackers watch your screen to snoop on your personal information. For instance, someone sitting next to you on the bus could watch you log in to your bank. If they’re able to figure out your username or password, they could try to access your bank account later on.

The best ways to protect your phone from hackers

Fortunately, there are lots of ways you can protect your phone against these threats.

Update your phone and apps 

Software updates will help you stay on top of the latest security fixes. As mobile operating systems like iOS and Android find vulnerabilities, they’ll release updates to address them. Staying on top of these updates will protect you against the latest threats.

Download apps with care 

Only get apps from trustworthy places, like the app publisher’s website or official marketplaces like the App Store and Google Play Store. Also, make sure that the app publisher itself is reputable. For instance, if you’re downloading an app and the publisher’s name is unfamiliar or not what you’d expect, read the reviews and do some research to make sure it’s safe. 

Use biometrics

Protect your device with biometrics like fingerprints or Face ID because these are harder to fake. Requiring a fingerprint to unlock your phone or make purchases on apps can protect you if your phone gets stolen. 

Use hard-to-guess passwords

Just having a password isn’t good enough, the password also needs to be strong and kept private. As Plaid Security Engineer Jeet Damania puts it, “If you use passwords like “12345678” or “password”, you may as well not have a password. Let’s say your PIN is the last four of your phone number, that doesn’t add any security because it’s too easy to guess.” 

Manage passwords well

Passwords are often your first line of defense against attackers, so periodically check if your login information has been exposed in breaches. That way, you know what passwords are most important to update. Not repeating passwords can help keep more of your accounts safe, too. 

Don’t share your password or write it somewhere others can easily access. Consider using a password manager to help you create passwords that attackers can’t easily guess. But of course, you’ll want to create a strong and private password to secure the password manager itself. 

Add security layers to protect your phone and apps

Turn on multi-factor authentication (MFA) for the apps and websites you regularly use. MFA is a second authentication method tied to your account. When you have MFA turned on, you’ll be asked to complete a second step when you log in, like verifying a one-time code sent to your device or email account. 

Go passwordless with passkeys

Passkeys are a password alternative that uses biometrics like Touch ID or Face ID. Instead of relying on passwords, they verify you with a specific key on your device. This makes them much harder to steal or misuse. They are phishing-resistant and have two-factor authentication built-in.

Watch out for scams

Be wary of unexpected calls, text messages, or social media messages asking for your information, as these could be phishing attacks. There are a few different tactics attackers often use, like saying there was an issue with your account or a delivery. Or that there’s an urgent task for you at work. 

If you receive one of these messages, be careful not to click any links or attachments as they could contain infected files or links to unsafe websites. Be careful of attackers pretending to be Plaid too. “Plaid will send you an OTP for your account, and that OTP should not be shared with anyone. It should be kept safe with you. But we will never call you asking for a bank password or a one-time password. Ever.” says Damania. 

Choose safe apps

In addition to only downloading apps from reputable websites and publishers, also consider the types of security measures your apps use. 

For instance, apps that use some form of identity verification are taking extra steps to protect you. Identity verification checks might include requiring you to take a selfie making a certain gesture to prove you’re a real person. Or they might ask you to upload a picture of your driver’s license. These precautions verify that you are who you say you are, which will come in handy if your phone is ever lost or stolen. 

Avoid public Wi-Fi 

Public networks, like the ones at coffee shops or hotels, can put you at risk of security issues. If you do have to use a public Wi-Fi network, consider also using a virtual private network (VPN). A VPN will protect your activity with a layer of encryption, so attackers can’t steal your information. 

You can also consider protecting your home Wi-Fi from guests. “Create a guest network for when you have people over, and don’t share your Wi-Fi network password with everyone because, at the end of the day, you’re going to connect to that same network for work, banking, and more,” advises Damania.

Turn on device-locating

Opting into features like “Find My Phone” can help you find your device if it’s lost or stolen. If you have an Apple device, you can also use Stolen Device Protection, which adds extra security for stolen phones. This could include requiring biometric authentication to access saved payment methods, which prevents a thief from using your phone to do more damage.

Privacy screens

Privacy screens can protect against shoulder surfing. You’ll be able to see your screen, but it will be darkened to the people next to or behind you so they won’t be able to read it. 

Anti-virus protection

Protect your phone from viruses with antivirus tools such as Kaspersky and McAfee, which are designed to stop hackers and malicious software.

Is one type of phone more secure than another? 

Sometimes people will believe that their phone is less likely to be hacked because of its operating system or how new it is. But it’s not that simple. 

“A big misconception is that one system is better than another. A lot of people think that an Android phone is more vulnerable than an Apple device, which is not necessarily true…The strength of an attack doesn’t depend on the device you have, it depends on the intention of the end-user. In the hands of a thief or hacker, any type of phone will be vulnerable,” says Damania.

Regardless of whether you're an iPhone or Android user, it’s important to take precautions to keep your information safe. 

Plaid's 2023 Fintech Effect Survey

Navigate the latest consumer trends, create lifetime customers, and grow your business

How to know if your phone has been hacked 

The risk of your phone or apps being hacked is highest when it’s been lost or stolen. If you left your phone unattended or lent it to a stranger, you may also be at a higher risk. 

If you find unfamiliar apps or activity on your phone, like calls you didn’t make or messages you didn’t send, your phone might have been compromised. So keep an eye out for unexpected changes like these. And if your phone is suddenly not working well—like running slowly or apps turning off unexpectedly—that may be another warning sign. 

What to do if your phone is stolen 

It’s scary to think what can happen if your phone gets stolen, but the right precautions will protect you against bigger consequences. 

“Basic phone hygiene means a lot at this point. Do you have biometrics on? Do you have PIN security enabled and a strong PIN? Do you have a password? All of those measures will make a big difference if your phone is stolen,” shares Damania. 

Here are four steps you can take if your phone is stolen.  

  1. Lock down your apps: Access your most important apps, like banking or work accounts, from another device. Then, change your passwords and sign out of all devices. You should also remove payment methods from all of the apps you have on your phone, like food delivery services or shopping apps. 

  2. Remove payment methods from wallets like Apple Pay, Google Pay, and Venmo. That way an attacker can’t access them and buy things with your money. If you can’t do this remotely, you can freeze any credit or debit cards tied to your phone.

  3. Use location-tracking tools like Find My Phone to physically track the device and report that information to the authorities. You can also use Activation Lock to remotely lock down a lost or stolen iPhone. Consider reporting the phone lost or stolen to your service provider and the police for additional help. 

  4. Warn your friends and family that your phone was stolen in case they receive suspicious messages or calls from your phone number.

Protect your financial accounts with Plaid

Your fintech apps are some of the most sensitive items on your phone. Plaid helps you safely connect your financial accounts to those apps while giving you more control over your financial data. 

If your phone is lost or stolen, you can unlink connections you have made using Plaid by submitting a request with our online form or using Plaid Portal.

To learn more about Plaid’s privacy and security features, check out our Consumer Help Center.

Find out how Plaid can help your business grow

By submitting this form, I confirm that I have read and understood Plaid’s Privacy Statement.

This form goes to our sales team. If you have questions about connecting your financial accounts to a Plaid-powered app, visit our consumer help center for more information.