FBI and CISA warn of ongoing Russian-linked phishing targeting messaging accounts.
Earlier this month, we reported on a large phishing campaign targeting Signal and WhatsApp accounts of senior officials, military personnel, civil servants, and journalists.
The FBI, CISA, and European intelligence warn that these tactics now target commercial messaging apps rather than breaking end-to-end encryption. Attackers steal access to individual accounts.
Our last article covered Dutch intelligence warnings on Russian actors contacting high-value targets on Signal and WhatsApp, posing as support or security bots. The new PSA shows these groups now run global phishing campaigns with evidence of thousands of compromised accounts.
Attackers use social engineering to add devices and listen in without breaking encryption.
Targets include US officials, military, politicians, journalists, and businesses. These techniques threaten all users.
This demonstrates that the threat extends far beyond diplomats or generals. Because these techniques are easy to copy, they put all users, including businesses and individuals, at risk.
How to Protect Your Accounts
As the PSA puts it:
Phishing remains one of the most unsophisticated yet effective means of cyber compromise, frequently rendering other protections irrelevant.
This situation calls for some basic security steps:
- Treat unexpected support messages in apps as suspicious. Legitimate support will not ask for verification calls, PINs, or passwords in chat. For account warnings, do not click message links; instead, check access settings or visit the official site yourself.
- Never share SMS verification codes or app PINs. These prove phone control—sharing means giving up your account. Treat all requests for codes as scams.
- Be careful what you discuss and with whom. Even with encryption, some topics are too sensitive for chat apps.
- Use extra security features. Enable registration lock, PIN, and device change alerts to prevent re-registration without a code. Store your PIN in a password manager. If attackers access your chats or backups, they may see content. These measures limit damage but are not foolproof.
What To Do If You Think Your Count Was Hijacked
If you think someone has taken over your messaging account, follow these steps:
- Re-register your number in the app immediately to remove other devices.
- Revoke all linked devices and change app PINs or lock codes.
- Warn contacts that someone may have impersonated you and ask them to be cautious with recent messages.
- Review Recent Conversations for Signs of Data Theft (for Example, Shared IDs, documents, or Passwords that should now be considered exposed).
- Report the incident to the app provider and, if needed, to authorities like the FBI’s IC3 or your national agency.
Act quickly to limit how long attackers can use your account.
Source: FBI, CISA warn of Russian hackers hijacking Signal and WhatsApp accounts
