Most people assume phone cloning is a 1990s problem — something that happened in movies before smartphones existed. That's wrong. SIM cloning and IMEI cloning are active, growing threats in 2026, and they’re different from ordinary phone hacking in a critical way: the attacker doesn’t need malware on your device. They just need a copy of your phone number.
When someone clones your phone, they can receive your calls, intercept your text messages, steal your two-factor authentication codes, and make calls that appear to come from your number. The cellular network thinks there are two of you. Your carrier has no way to know which one is the real you. And the evidence is easy to miss if you don’t know what to look for.
This guide explains exactly what phone cloning is, the 7 signs that your phone has been cloned, and what to do immediately if you suspect it.
1 You’re Receiving Two-Factor Codes You Didn’t Request
This is the single most reliable sign of a cloned SIM. Two-factor authentication codes arrive on your phone when someone attempts to log into an account tied to your number. If you’re receiving them and you haven’t tried to log in, someone else is.
What makes this especially dangerous with cloning: the attacker can use your phone number to reset passwords on Google, Facebook, Instagram, your banking app — any service that uses SMS as a recovery method. They receive the code, reset your password, and lock you out. They own the account before you even notice what happened.
Don’t ignore unrequested 2FA codes. Immediately log into your email from a different device — not the potentially compromised phone — and change your password. Then switch that account to an authenticator app (Google Authenticator, Authy) instead of SMS. If you can’t get into the account because the password was already changed, contact the service directly and prove your identity through backup recovery options.
2 Unknown Numbers Appear in Your Call and Text History
A cloned phone can make and receive calls. If you notice calls to or from numbers you don’t recognize — especially international ones or premium-rate numbers — someone with your SIM may be using it. Look for:
☐ Calls to unfamiliar international prefixes (+44, +92, +234, etc.) at odd hours
☐ Text messages to unknown contacts you didn’t send
☐ Unexpected charges on your bill from premium services (these calls are often sold to third parties who charge per minute)
The calls show up on your carrier bill. The cloned SIM and your real phone both ring when someone calls your number — and both show up in your call history.
Check your carrier’s online account portal for your full call and text log. Flag any numbers you don’t recognize. If you see premium-rate or international numbers you didn’t call, dispute the charges with your carrier and tell them you suspect SIM cloning — they can flag your account for fraud review.
3 Your Battery Is Draining Faster Than Usual
A SIM actively trying to register on multiple devices draws more power than one operating normally. When someone clones your SIM, both your phone and the cloned device are constantly competing to connect to the cellular network. That dual registration keeps the cellular radio more active than it should be during idle periods, and the result is a battery that dies noticeably faster even with identical usage.
Compare this to ordinary battery drain from apps. Spyware on your device causes high CPU usage and GPS drain. SIM cloning causes unusually high cellular radio activity — check your phone’s battery settings and look for “Cellular Radio” or “Network” consuming more than its usual share.
iPhone: Settings → Battery → scroll to see cellular usage. Android: Settings → Battery → Cellular Radio or Network. If cellular drain is significantly higher than your typical usage pattern with no change in behavior, it’s worth investigating further.
Run a breach check at SkullSnare to see if your phone number or accounts have already appeared in a data breach — cloned SIMs are often paired with credential theft.
4 Unknown Devices Are Logged Into Your Accounts
When someone clones your SIM and accesses your Google, Apple, or social media accounts, those sessions show up in your account’s active device list. Google tracks every device that logs into your account — you can see them all at myaccount.google.com/device-activity. Apple does the same at appleid.apple.com. Facebook, Instagram, and Twitter all show active sessions in their security settings.
If you see devices in those logs that you don’t recognize — different city, different device model, different operating system — someone else is signed into your account, and they may have gained access using your cloned phone number.
Go to each account’s security settings and revoke all sessions except the ones you actively use. Then change your password and enable an authenticator app. If the attacker is using your SIM to receive 2FA codes, they will immediately try to re-access the account — switch to an authenticator before they can.
5 Your Data Usage Has Spiked Without a New App
Phone mirroring apps run alongside SIM cloning when an attacker wants maximum access. These apps upload your photos, messages, call logs, and location data to a remote server. That data transfer uses your data plan — and shows up as a spike in usage even though you haven’t changed how you use your phone.
Pay attention to the type of data usage. If you see unusually high background data from an unknown app, that app is sending data somewhere. Normal app updates or new streaming habits account for most increases — if you can’t explain the spike, investigate it.
iPhone: Settings → Cellular → scroll to app-level data usage. Android: Settings → Network → Data Usage → App Data Usage. Look for any app with unexpectedly high data usage that you don’t actively use. Search the app name on the Coalition Against Stalkerware database. If it’s flagged as surveillance software, document it before removing it.
6 Your Carrier Alerts You to Account Changes
Before a cloned SIM becomes fully operational, the attacker often needs to make changes to your account — upgrading a plan, adding a line, requesting a SIM replacement, or initiating a number port. Many carriers send email or text notifications when significant account changes are made. If you receive an alert about a SIM replacement, number port, or plan change you didn’t request, act immediately.
Number porting is especially dangerous. If an attacker successfully ports your number to a different carrier or a different SIM, your phone loses cellular service entirely — calls and texts route to the cloned device. This is called a SIM-swap attack, and it’s how attackers take over financial accounts in minutes.
Call your carrier immediately if you receive an alert about a SIM replacement or number port you didn’t request. Ask them to place a fraud hold on your account and verify your identity before any further changes. Set up a PIN or security question on your account — most carriers offer this as an extra layer of account protection against unauthorized changes.
Run a breach check at SkullSnare to see if your phone number and email have been exposed in any data breaches, which may have been the initial step that enabled the cloning.
7 Your Phone Shows Two IMEI Numbers or Has Lost Service
Every phone has a unique IMEI (International Mobile Equipment Identity) number. On most Android phones you can find it under Settings → About Phone — or dial *#06# to display it on screen. Some advanced cloning attacks change the IMEI on your device to match the cloned copy, which can result in your phone displaying an unfamiliar number. More commonly, if your phone suddenly loses service while someone else receives your calls, you’ll notice you can’t make calls or send texts even though your signal indicator looks normal — the network is routing your traffic to the cloned SIM instead.
Check your phone’s IMEI by dialing *#06#. Write it down. If it changes without you doing anything, that’s a strong indicator of cloning. If your phone shows no service but you can see signal bars, try airplane mode on and off. If service doesn’t return, contact your carrier and ask if there’s an active SIM duplicate on your account. They can detect duplicate SIMs on most networks.
How to Stop Phone Cloning: Quick Checklist
If you suspect your phone is cloned, run through this checklist now:
☐ Check your carrier account for unknown SIM activations or number port requests
☐ Review your call and text logs for numbers you don’t recognize
☐ Log out all active sessions on Google, Apple, and financial accounts from settings
☐ Change every password from a different device than your phone
☐ Switch all accounts from SMS-based 2FA to an authenticator app
☐ Set a PIN or security question on your carrier account
☐ Run a breach check to see if your credentials were already exposed
If multiple boxes apply, contact your carrier about a possible fraud hold and consider a SIM replacement. The sooner you act, the less damage the attacker can do.
What Is Phone Cloning, Exactly?
Phone cloning takes two different forms:
SIM Cloning — The attacker copies the data from your SIM card onto a blank SIM card. This requires physical access to your SIM or access through a carrier employee. The cloned SIM has the same phone number and can receive calls, texts, and 2FA codes. This is the older, more technical form of cloning but still used in targeted attacks.
IMEI Cloning — The attacker spoofs your phone’s unique device identifier to make a cloned device appear to be your phone on the carrier network. This lets them register a different device as your phone number and intercept calls and data.
Phone Mirroring — Technically a different attack, but often used alongside cloning. An app installed on your device mirrors all activity to the attacker’s phone in real time: calls, texts, photos, location, keystrokes. You don’t notice it because your phone works normally. The attacker has a complete view of everything you do.
SkullSnare detects unauthorized device access and breach exposure — it identifies whether your phone number and accounts have been compromised, which is often the first step in a cloning attack. If your credentials were exposed in a breach, an attacker may have had enough information to social-engineer your carrier into making account changes on their behalf.
How SkullSnare Identifies Intruders
When someone clones your phone or installs mirroring software, they almost always need your credentials first. SkullSnare checks whether your email and phone number have appeared in any known data breach — if they have, we show you exactly which breach exposed your data, what was exposed (passwords, phone numbers, emails, device info), and your overall risk score.
SkullSnare also identifies the timeline of breaches so you can correlate it with when you first noticed unusual phone behavior — if your number was exposed 6 months ago and you started receiving strange 2FA codes last week, that timeline tells you something.
Find out if someone cloned your phone or breached your accounts.
SkullSnare scans your breach history and shows you every compromised account, every exposed data type, your risk score, and a legal-ready evidence report.
Run Your Scan — $20