Can someone hack my phone by sending a text message?
In rare cases yes — through zero-click exploits targeting unpatched OS vulnerabilities — but the far more common risk is phishing links within texts.
Last reviewed: 1 June 2026
Explanation
Highly sophisticated attacks known as zero-click exploits can compromise certain phones when a specially crafted message is received, without the user clicking anything. These attacks generally target specific individuals using expensive commercial spyware and are not used in typical mass fraud. For most people, the real risk from text messages is smishing: a text that contains a link leading to a phishing site or malware download, requiring the user to take an action. Keeping your phone's operating system and apps fully updated is the best protection against both categories of attack, as updates patch known vulnerabilities. Be cautious about any link in an unexpected text, even from a number you recognise.
Common red flags
- Unexpected text with a link from an unknown or spoofed number
- Text claims to be from your bank, a parcel company, or a government agency
- Unusual battery drain or data usage after receiving a strange message
- Apps opening or closing on their own
- Receiving unexpected one-time passcodes you didn't request
What to do now
- Keep your phone OS and all apps updated at all times
- Never click links in unexpected texts
- If you suspect compromise, run a security scan and consider a factory reset
- Report smishing texts to your carrier's spam number (7726 in the UK and US)
Frequently asked questions
Should I be worried about spyware on my phone?
For most people, the main risk is phishing rather than spyware. If you are concerned about targeted surveillance, organisations such as Access Now's Digital Security Helpline offer free assistance.