The FBI Warns That Foreign Cybercriminals Have Targeted Messaging App Users

If you're one of the billions who use Signal or WhatsApp, be on alert: US officials say cybercriminals with ties to Russian intelligence are currently running a massive phishing campaign on messaging apps. Apparently, it's already compromised thousands of accounts worldwide. According to the joint PSA from the Federal Bureau of Investigation and the Cybersecurity and Infrastructure Security Agency, these cyberattackers are targeting anyone and everyone with access to sensitive information. That includes current and former government officials, military personnel, political figures, journalists, and beyond.

Even trickier is that this phishing campaign doesn't involve breaking into the apps. Instead, the perpetrators are using pure deception tactics to gain access to individuals' accounts. Authorities say the operation sees cybercriminals impersonating official support channels on encrypted messaging apps like Signal. There, victims receive messages that sound perfectly legitimate: a warning about suspicious activity, or a message about recent security threats. From there, the messages prompt users to click (secretly malicious) links or provide their confidential verification code or PIN. 

Once that link is clicked and the information is shared, the perpetrators can either link their devices to the victim's account or take full control of it. That opens the floodgates, allowing cybercriminals to read private messages, access contact lists, and expand the attack's scope to send even more phishing messages to others.

The FBI makes it clear that the apps themselves remain perfectly secure. It's the human element that proves to be the weakest point in this whole operation. It's not just happening in the US, either. Intelligence officials in the Netherlands have observed similar tactics targeting government employees and other high-value individuals on both Signal and WhatsApp. Just like the FBI, officials in the Netherlands explained that the attackers are posing as automated chatbots or support personnel and using convincing language to create urgency and pressure victims into responding quickly.

It could be part of a broader shift in cyber tactics: one where attackers are using more social engineering and fewer technical exploits. By manipulating users into handing over their access credentials, cybercriminals can effectively sidestep even the strongest encryption systems. And even though the current attacks only seem to be targeting high-profile individuals for now, what's to stop the same methods from being used to target businesses and everyday users soon? That's not even mentioning the copycats. Once these social engineering techniques become more widely known, they're likely to be replicated by other cybercriminal groups.

To keep your personal data safe from a cybersecurity breach, treat any and all unsolicited messages with a healthy amount of skepticism. As always, avoid clicking on unknown links or sharing sensitive information over Signal or WhatsApp. No legitimate support service would ever request verification codes or passwords through in-app messages.