cancel
Showing results for 
Search instead for 
Did you mean: 

Is my phone being cloned/spoofed/hacked? Please help!!

chimayPM
Good Citizen / Bon Citoyen

Hello PM community,

 

I’m growing concerned by the following activity I’ve noticed over the past few weeks:

  • Numerous calls from unknown numbers, beginning with the same 6 digits (area code + 3 digits) as my own number; possibly to convince me they are local so I would pick up? I ignore them, and those that leave a voicemail are always fake robo-calls (similar to the Canada Revenue scams in the news).
  • Random apps being installed on my phone out of the blue; I uninstall them successfully but then they reappear within a couple of days. At first, I thought I had unwittingly downloaded something after I accidentally clicked an ad; but this has now occurred with 3 different apps, each re-installed multiple times without my permission. (I have detailed screenshots if needed)
  • Some abnormalities in the ‘My Usage’ log in my PM account. DUPLICATE or MULTIPLE entries are very common for both incoming and outgoing texts and calls. For example, a friend texted me ONCE at 8:35am but the log shows 4 ‘incoming texts’ in a row from her number with that timestamp. (Could this just be a glitch in the log?). Entries called ‘Web’ always appear twice, usually with one amount that seems reasonable (my data use is very conservative) and the other much larger, for example:chimayPM_1-1603395940267.png

Also, sometimes there is activity called a ‘Data Event’ (with ‘Data Usage: 1’ and ‘Usage Type: MMS’) – I can’t figure out what this refers to.

 

That being said, I’m not panicking yet because:

  • My monthly data cap has never been exceeded (to my knowledge);
  • No unusual financial charges (including Public Mobile account, credit card, debit, etc.);
  • No unusual activity or concerns with my email account.

QUESTIONS:

*How concerned should I be about this activity? Does anyone know what might be going on?

*Should I replace the SIM card, the device (it’s super old/cheap and I’ve been meaning to replace it anyway), or both?

*Any other recommended steps?

 

Thank you in advance!

15 REPLIES 15

chimayPM
Good Citizen / Bon Citoyen

Good to know, thank you @Korth !

The phone could have a keylogger or other spyware. Something capturing your data and sending it off to a collection point. Something that was part of the payload in any installed app, update, or operating system build which otherwise seems to work as intended.

 

I'd backup all the contacts, messages, photos, etc worth saving. Then hard reset the device back to original factory image. Maybe overkill but it's really the only way to be sure nothing bad persists. If you've got a deep-privilege keylogger or rootkit or whatever then changing all your passwords won't accomplish anything lasting.

chimayPM
Good Citizen / Bon Citoyen

Thank you so much to everyone who responded so quickly. The info about 'spoofing' numbers, longer SMS texts being broken into chunks, and the fact that 'Data Event' likely refers to sending/receiving a picture, are especially helpful.

 

I think I'll play it safe and replace both the SIM and phone as soon as possible, as suggested by a couple of people. Thanks again!!

chimayPM
Good Citizen / Bon Citoyen

OK great, thank you for the tips and the link!

chimayPM
Good Citizen / Bon Citoyen

Thank you, yes, I've changed my PM account password and will change other passwords too. I'm the only one using Google Play and it is not synched to any other devices, so I don't think that's it (but a good point to consider!).

 

I've been uninstalling the unwanted apps as soon as I see them.

metropublic
Model Citizen / Citoyen Modèle

@chimayPM  From what you describe it appears that you have malware installed on your phone. If the version of Android you are using is older without any security patches ever applied that would explain it. Some of the malware is persistence and will even survive factory resets.

 

My recommendation would be to replace your current device and purchase a device running the latest Android version from a manufacturer that offers timely updates.

gpixel
Mayor / Maire

@chimayPM first thing you can do is stop using that phone. change all your passwords. don't use the skyphone to do it. use a personal computer. I'll add more when I finish reading your post

 

*How concerned should I be about this activity? you should be very concerned

Does anyone know what might be going on?

yes,you have malware or even a chip inside the phone with malware.

*Should I replace the SIM card, the device (it’s super old/cheap and I’ve been meaning to replace it anyway), or both? yes it's probably a good idea to replace both. it also sounds like your sim has been cloned. one test you can do is, take your sim out and try calling your number to see if it rings

*Any other recommended steps?

yes, buy a used pixel device either pixel 3 or newer

I would NOT change your number....the one you get may be recycled for the same reason. Deal with blocking. 

 

Call Blocking

 

Just keep blocking. Eventually you will get it under control.

 

Keep in mind you may be blocking legitimate numbers as these callers “may” use legitimate numbers. It is called “Spoofing” which consists of altering the caller ID to show a different number than the one actually being used for making the telephone call. This is frequently done to mislead the person receiving the telephone call into believing that the call is either local, or from a trusted organization.

 

So before you block, check your contact list to make sure you are not  blocking a number you would expect a call from. Also Google 800Notes and confirm, sometimes, if it is a call that you absolutely don’t want. I have had a call from my own number. They spoof a number that is in your calling area to make you feel more confident to answer. 

 

I don’t recommend registering with a DO NOT CALL LIST. It puts your number on a list that callers CAN call you. SEE HERE

 

THE BEST WAY TO CONTROL IS TO CONTROL YOURSELF.

 

Also....be very suspect of a SCAM call if your caller ID only shows a number and no name. The name usually comes from YOUR contact list on your device. 

 

Keep your contact lists up to date AND block, block and block some more!!

Keeping your contact list up to date is very important as most calls that are NOT in your contacts list will show a phone number ONLY and that will tip you off, that the caller may be unknown to you. 

 

😀Changing your number is not a good idea if it was previously used. 😀

 

I too would also suggest to use the DO NOT DISTURB settings on your phone as well and make sure you set what options work best for you. If iPhone see here. 

 

LurganIeUk_0-1603398918399.png

 

 

 

Also SEE HERE for more information on blocking calls on both Android and iOS devices. 

 

https://mobilesyrup.com/2019/11/15/how-to-identify-block-spamc-calls-ios-android/

 

©️2020 

Anonymous
Not applicable

@Jb456 wrote:

SMS system has a length of 160 characters. So if I text you a book even though you get it on your phone as one big text. Those texts are split up. (I haven't checked this on Public Mobile  if they display multiple texts) I am just assuming they do.

 


This seems to all happen in the background of either the SMS relay or the texting client.

Yes it looks like you're sending one long message at your end and you press send. The magic happens after that. Then the recipients phone will do its magic. The phones I've used so far in my texting career all appear to be as one text.

Some clients can give you a character count and even a block count of the multiple pieces.

@chimayPM 

 

Well for the numerous calls from unknown numbers. First 6 digits sometimes like your number or Canada revenue agency. These a spammers and pretty much everyone with any cell provider gets these. 

 

All you can do is block them but they will still call as they spoof their numbers and use autodialers.

 

If you're not attached to your phone number consider changing your number. One change per 30 days. You can do it in your account by clicking "Change Number". 

 

Orange arrow on picture below.

Screenshot_20200629_182641.jpg

For your app thing. What kind of apps are you talking about. Can you give a name that continues to appear on your phone?

 

You said you "unwittingly clicked an ad". What kind of ad / popup are we talking about? Like on a movies stream site where you get a bunch of popups? And if you accidentally accept all notifications instead of block then your phone notifications will get messages to download this and that?

 

Or something else?

 

You could always just back up all your important stuff on your phone then do a factory reset and everything will be wiped from the phone and installed fresh again.

 

For your text thing. What size / length of text are we talking about?

 

Is it big texts?..SMS system has a length of 160 characters. So if I text you a book even though you get it on your phone as one big text. Those texts are split up. (I haven't checked this on Public Mobile  if they display multiple texts) I am just assuming they do.

 

For "Web" that's each time your phone connected to Mobile Data. That all depends on how your settings are on your phone and what apps you use. Like is your phone set to not use wifi assist / wifi plus that automatically switches to data if wifi is weak. Are your settings set to download updates via wifi only, what apps you use , Facebook, WhatsApp, etc etc are they set to run only on wifi or when you open it, background data turned off , etc etc etc.

 

There are to many variables to tell you what uses your data but "web" means data was accessed for something.

 

For Data Event / MMS that is picture messages. So you sent someone a text with a picture. Or received a picture message.

 

I hope what I wrote gives you an understanding a bit.

 

 

 

I agree...if your phone works.....leave the SIM alone. 

 

But I also agree it is a good idea to have an extra SIM on hand. 

Helpershelper
Town Hero / Héro de la Ville

@chimayPM 

 

It’s common to get calls from unknown numbers and they can spoof their number to be in your area code so you’re more likely to pick up. If someone has access to your google account, they can remotely install apps without you knowing. While I highly doubt you’re being targeted by a dedicated hacker this is strange behaviour. I would make sure you change your google and PM passwords and setup 2 factor authentication. If you didn’t make these calls then let a moderator know so they can look into this as it can be fraud.

 

I don’t think replacing your SIM will solve this but if you’re offered a free one, I’d take them up on that offer. I’ll provide the mod link below:

 

https://productioncommunity.publicmobile.ca/t5/notes/composepage/note-to-user-id/22437

 

OK. I don't know much about that phone. But iPhone/iTunes has an option that if you download an App to the iPhone it will also download to your iPad. I forget what the setting is called but was a PITA to me. 

 

Does Google Play have anything like that and is there more than one person using your Google Play? And perhaps you should also change your Google Play password ASAP as well. 

 

Also if you are in BC you may be having a number of political calls. The ones I get, that I block, are in the same series from Iristel. 

 

Are you disabling or uninstalling the unwanted apps. 

chimayPM
Good Citizen / Bon Citoyen

It's a "SKY device" (Android, Google phone). 3G. We bought it new (but very cheap) from Staples a few years ago.

LurganIeUk
Mayor / Maire

What kind of phone do you have?

 

At least change your My Account password ASAP. 

Need Help? Let's chat.