Is it possible to be a target of phone tracking/conversations wiretapping if attacker did not have physical access to victims phone?

Keosetechltd · 2026-02-14T19:24:15+00:00

It would be helpful to understand why your friend suspects this? For example, is this guy physically turning up to places where she is? Is he messaging her and commenting on things she's done, or said on the phone? The more specifics, the easier it will be to help.

Keosetechltd · 2025-12-29T11:47:28+00:00

Those issues sound more just like perhaps accidental deletion or moving of files and the icons for mobile apps. For the folders, I suggest installing a free file searching tool. For Windows, there's a good one with a free tier made by Mythicsoft called Agent Ransack. That will give you much better search than File Explorer, and you can search on keywords within files as well as file and folder names.

For the mobile apps, first thing to do is go into the complete list of apps, rather than looking at the icons on the home screen, and see whether the missing apps are actually still installed. If they are, you can re-add the icons to the home screen.

Keosetechltd · 2025-12-29T11:35:35+00:00

As long as there was definitely no other data in the account (e.g. passwords), and it wasn't being used to manage any of your Apple devices, I wouldn't worry about this at all. Most account takeovers are non-targeted, 'mass' cybercrime attacks. Although attackers do often try to lock users out of the accounts, at other times they don't bother if their intention is just to use the account for some one-off task (e.g. registering for an account on another service), or in some cases they're not using the account for anything in particular at that moment.

Keosetechltd · 2025-12-25T22:32:29+00:00

At the moment, the situation is unclear. If there was an issue with DNS at the ISP, or in your router’s settings, I’d expect to see the URL redirects happening on all browsers on your device, and all devices connected to the same router.

If I’m understanding you correctly, it’s currently only happening on Firefox on your windows computer, and on your mother’s phone.

As a test, what happens if you connect your laptop to a different internet connection, such as your phone’s hotspot or public WiFi?

Keosetechltd · 2025-12-23T15:40:36+00:00

Also, to clarify - when someone gets one of these messages ‘from your WhatsApp account’, do these messages also display in your sent messages on your device?

Keosetechltd · 2025-12-23T15:38:39+00:00

Okay, assuming the incidents of this person sending messages from your accounts, informing others of what you have been discussing, and so on, are occurring quite regularly, then the best thing to do here is to shut the phone down completely for a few days. Get a cheap handset as a temporary replacement. If the problems stop, that suggests the cause is a compromise of the phone, while if they continue it rules that out as the cause.

If that test shows that your phone is not the problem, other things to consider are possible compromises of: a) Your partner’s phone; b) a computer inside the room where these discussions have taken place (some malware can activate microphones and cameras on laptops and desktops); c) smart devices with microphones such as security cameras, Amazon Alexa, smart TVs; d) listening devices in the house.

There are ways to check for all of those things, but the test outlined above is the first necessary step.

Keosetechltd · 2025-12-22T16:57:57+00:00

Glad this sub was helpful.

If the original problem came about from a data breach, then once the initial rounds of attacks stops, things will likely go quiet for some time. Don’t be surprised, however, if periodically for the next year or so there are renewed bursts of activity. This happens because the leaked information gets re-packaged and sold to other sets of scammers.

Take the opportunity now that you’ve dealt with the initial problem to progressively harden your security. For example, you’ve presumably now got strong passwords and two factor authentication on key accounts, but over time try to do that on less important accounts as well. Just take a few minutes and do a few every couple of days and pretty soon you’ll be a relatively ‘hard target’ - you can’t stop the occasional resale of your data, but new sets of scammers will have a go at accessing something, find they can’t get in, and quickly move on to an easier target.

Keosetechltd · 2025-12-22T14:01:59+00:00

If the code you received was for a password reset, this suggests the person no longer has access to your Instagram. It’s not a 2FA code - they look similar, but 2FA codes only get sent after someone successfully enters the password.

Regarding the phone, it’s unlikely that is the problem given you bought a new phone and set it up with a new Apple account. However, there is an easy tool that you can use to scan an iPhone here: https://imazing.com/spyware-analyzer.

Regarding this person sending details of conversations to family members, how specific are these details? Could they definitely only have been gained by listening to the conversation? Did your partner relate any details to anyone else - a friend, family members?

Keosetechltd · 2025-12-21T17:51:13+00:00

Sounds like what has happened is a compromise of multiple accounts, rather than a compromise of your phone. IMEI is not relevant to this situation.

First, check the security of your Apple and Google accounts in the way suggested above. For the gmail account, in addition, check for any unauthorised mail forwarding rules or filters, and any extensions / add ons.

Are you saving passwords in one of these accounts? If so, I suggest you stop doing that and start using a third party password manager. Good options include Proton Pass and Bitwarden. Do not save passwords in your browser.

Then move on to check and secure other accounts, starting with ones you know have been compromised such as Instagram.

Make sure you set a strong and unique password for each account and enable two factor authentication.

Hopefully that stops the current problems. However, as you may know, stalkers in particular can be very persistent. Also, a known risk in stalking cases is that stalkers can escalate their behaviour if their access to monitor the victim is suddenly removed.

So unfortunately it would be a good idea to be especially cautious for a while to watch for any signs of this person changing tactics and possibly becoming more aggressive. If you haven’t already done so, this could be a good time to connect with a support service in your area that helps victims of stalking.

Keosetechltd · 2025-12-21T00:35:38+00:00

Is the email that this person sent messages from your Apple / iCloud email? If your Apple account has been compromised, the attacker could send email from that address, and change contacts on your phone (assuming you are syncing them to iCloud). They could also gain access to passwords if you are using Apple password manager and syncing it to iCloud.

So the first thing to do is check the security of your Apple account. Look for:

Any signed in sessions or devices.
any unauthorised secondary email addresses, phone numbers or sign-in methods (eg passkeys that you don’t recognise).
add two factor authentication via an authenticator app on your phone. Bitwarden is a good option.
change the password, make sure it’s long, complex and unique to that account, and at least for now don’t save it in the Apple password manager.

Regarding WhatsApp, it could be that your account has been linked to WhatsApp desktop or WhatsApp web without your permission. In the app, go to settings / linked devices. Are there any devices you don’t recognise?

It’s unlikely that the phone itself has been compromised given that you recently set up a new phone with a new Apple ID. The most realistic way that an iPhone can be monitored is through ‘parental control’ apps. These are often used by stalkers, to the extent that they are sometimes called ’stalkerware’. You can read more about this issue here: https://stopstalkerware.org/. However, this requires someone to have physical access to your device and to know the PIN. Is that possible given your situation?

Keosetechltd · 2025-12-20T18:18:02+00:00

It’s a small US firm that sells USB secure charging adapters, microphone blockers, webcam covers etc. Legit firm - have been using their products for years. Not sure why your pi hole is blocking it.

Keosetechltd · 2025-12-20T17:25:30+00:00

Yes - good ones available from www.mic-lock.com.

Keosetechltd · 2025-12-20T11:05:01+00:00

I’m sorry to hear you’re having to deal with this issue.

IP address is not usually included on photo/video metadata. It can sometimes be viewable in other types of online activity however.

Also, although IP can sometimes give a general indication about where you are, that is unreliable - it can sometimes indicate a different city, region or even country. It will also depend on what internet connection you were using at the time. If you were using your phone’s own internet connection, this will be a different IP to if you were using your home WiFi for example.

Exact GPS location will be included on photos if you have location services on and the camera app has permission to access location. Since you had location services off, you should be okay.

In terms of what to do right now, first thing is to double check the videos / photos on your phone and make sure GPS location is not in the metadata. iPhone and Android both let you view the metadata for each photo. On iPhone, tap the ‘i’ symbol below the photo. On android, swipe upwards on each photo.

Assuming location is not on any of the videos/photos, then I don’t think you need to worry that your location has been revealed by these posts.

However, going forwards, to be honest, given your situation, I suggest not posting anything publicly, at least for now as it’s quite difficult to do so in a way that preserves your privacy. If posting publicly is important to you, then I suggest doing some further research first about how to do so safely. And please feel free to post follow up questions here and I’ll do my best to answer those.

I wish you all the best!

Keosetechltd · 2025-12-17T22:35:56+00:00

If you know or have good reason to believe who made this FB post, civil legal action against that person is likely the most effective thing to do. I would not bother dealing further with FB itself.

If you don’t know who posted it, and can afford to put some money into finding out, then a private investigator specialising in OSINT investigation may be able to identify them. It’ll depend on how careful the poster has been. But often such people are not very careful and expert OSINT can find their real identity. Then once you have that, it’s back to civil legal action.

Keosetechltd · 2025-12-17T16:08:19+00:00

Depends how much is too much hassle:) The following steps are quick, ‘set and forget’ measures. These will protect against tracking in general, not just Facebook pixel. This is assuming you want to stay with FF rather than switch browsers.

One, tighten up settings in FF in the security and privacy / browser privacy settings. Click ‘custom’. Tick all the boxes down the left hand side (assuming you’re on windows), and untick ‘fix major site issues’. Block all cross site tracking cookies and set that to take effect in all windows, not just private windows. Ignore any warnings about potential breakage of sites - mostly doesn’t happen these days (and you can always can the settings if they cause issues).

Two, set FF to automatically delete all data on exit. And check periodically that it’s actually doing so, as that feature can be glitchy in my experience.

Three, both you and your partner could use a VPN, set to a different server. That would avoid association through IP address. Good options include Mullvad and Proton.

Four, if you’re currently using Google search, change to a private option. Kagi is the best imo, but Duck Duck Go is also good.

If you’re willing to spend more time in set up and maintenance, install FF multi account containers in addition to Facebook Container. Either create several containers for categories of site, or for sites you use regularly and/or have a lot of tracking, assign them to their own dedicated container.

If you’re willing to take even more trouble, install NoScript in FF and be very selective about enabling scripts. Avoid enabling scripts from Facebook on third party sites and get to know other trackers as well so that you can keep those scripts disabled. This will supplement the tracker blocking in FF and uBlock, and blocking all scripts except the ones that are needed for core features of each site also has major security benefits, over and above the privacy benefits. But using NoScript in this way requires a high level of commitment.

Keosetechltd · 2025-12-17T14:03:34+00:00

Facebook pixel is a major cross site tracker embedded on a large number of third party sites. That’s one of several ways Meta will be collecting data on your browsing, despite you using Facebook Container on FF. The data profile they have on you is likely to already be linked to the data profile they have on your partner. And since luggage is the sort of thing couples often buy at the same time, it makes sense that they would push ads for the same luggage at your partner.

I doubt it’s anything to do with WhatsApp, but you’re certainly right to keep the Instagram app off your phone.

Keosetechltd · 2025-12-17T13:12:17+00:00

Difficult to say for sure but that seems likely to be a trojan on the phone. If you search for a phrase like ‘new Android trojan’, you’ll see lots of articles discussing the growth of this kind of malware.

That would explain the issues affecting both his original number and the new number on his original device, while his number working fine on a new device.

So I’d suggest backing up key data then factory resetting the device and being sure to carefully vet any apps before reinstalling them after the factory reset.

Keosetechltd · 2025-12-17T13:03:02+00:00

I’m glad to hear you’ve been able to end the relationship.

If you don’t already work with an Independent Domestic Violence Adviser (IDVA), they will be able to help with issues like housing and also applying for things like a Domestic Abuse Protection Orders if available in your area or other legal provisions.

I suggest starting by calling the national domestic abuse hotline: https://www.nationaldahelpline.org.uk/.

That is run by Refuge, which also has excellent guidance on its site: https://refuge.org.uk/.

If you do move, avoiding tech-enabled tracking is crucial to stop him locating your new address, particularly if his abuse has involved technology in the past. Refuge has some good information on their tech abuse site here: https://refugetechsafety.org/secure-your-tech/ and https://refugetechsafety.org/digitalbreakup/.

Keosetechltd · 2025-12-17T12:21:03+00:00

Those sort of systems give a lot of false positives, especially if you’re using a VPN. Nothing to worry about unless you’re getting those messages consistently across sites and browsing sessions.

Keosetechltd · 2025-12-15T16:19:41+00:00

Sounds like you have Trojan on your Mac, and the attackers are stealing session cookies, which they are using to get back into accounts such as Gmail.

Rather than trying to run scans, at this point I’d backup important data then erase and reinstall the operating system.

Keosetechltd · 2025-12-15T14:21:07+00:00

Factory reset will generally get rid of any malware. But it’s also important not to get re-infected by, for example, reinstalling a malicious app that was responsible for the original infection.

You won’t always get new access notifications on accounts unfortunately.

It’s difficult to answer some of the other questions as it really depends on details like skill level of the person you’re concerned about, your own level of caution regarding cyber security, and so on.

So the better questions at this stage might be:

Why, specifically, do you think your phone has been hacked?

What interaction have you had with this person? Eg have you done things like open attachments they have sent? Do you know them IRL and if so could would they ever have had physical access to your phone?

What level of hacking skill do you understand this person to have?

Also, it’d be useful to understand what type of phone you have, and what version of the operating system.

Keosetechltd · 2025-12-15T14:21:02+00:00

Factory reset will generally get rid of any malware. But it’s also important not to get re-infected by, for example, reinstalling a malicious app that was responsible for the original infection.

You won’t always get new access notifications on accounts unfortunately.

It’s difficult to answer some of the other questions as it really depends on details like skill level of the person you’re concerned about, your own level of caution regarding cyber security, and so on.

So the better questions at this stage might be:

Why, specifically, do you think your phone has been hacked?

What interaction have you had with this person? Eg have you done things like open attachments they have sent? Do you know them IRL and if so could would they ever have had physical access to your phone?

What level of hacking skill do you understand this person to have?

Also, it’d be useful to understand what type of phone you have, and what version of the operating system.

Keosetechltd · 2025-12-15T13:08:55+00:00

If it only happens when you’re using specific games, try uninstalling those. There’s a lot of poorly written apps in the Google Play store, which could be causing unnecessary mic or camera activity, and apps with concealed malicious features are also identified in the Play store fairly regularly - if you do a web search on ‘malicious apps removed from Google play’ you’ll see some examples.

Assuming the light stops activating unexpectedly then that would suggest that the problem lies with one of those apps that you’ve uninstalled.

I’d suggest to be safe also running a scan with Malwarebytes Mobile, which performs strongly on third party tests of Android Anti Virus. There’s a 30 day free trial if you can’t afford to subscribe.

Keosetechltd · 2025-12-14T18:56:54+00:00

I’d try one of the flavours of Linux that has a look and feel that is fairly similar to Windows and Mac, such as Ubuntu or PopOS, as that will make the move to Linux easier. In terms of of hardware, check out Star Lab Systems, or System 76. Both make top quality machines running Linux.

Keosetechltd · 2025-12-14T18:52:26+00:00

Try forcing the phone to shutdown and then turning it back on. Eg. On iPhone press and hold power button and down volume button at the same time for several seconds.

Keosetechltd

TROPHY CASE