Phishing attack targeting WhatsApp and Signal users

The Federal Bureau of Investigation and Cybersecurity and Infrastructure Security Agency have warned of large-scale phishing campaigns by Russian-linked threat actors targeting messaging apps like WhatsApp and Signal. These attacks focus on high-value targets, including government officials, military personnel, journalists, and political figures, and have already led to thousands of compromised accounts globally.

Phishing attack targeting WhatsApp and Signal usersPhishing attack targeting WhatsApp and Signal users

The attackers use social engineering tactics rather than technical exploits, sending fake alerts about suspicious login attempts or impersonating services like “Signal Support.” Victims are tricked into sharing verification codes, PINs, or clicking malicious links and QR codes. Depending on the method, attackers can either take full control of accounts or silently link their own devices, gaining access to messages, contacts, and the ability to impersonate victims for further phishing.

Phishing attack targeting WhatsApp and Signal usersPhishing attack targeting WhatsApp and Signal users

Security agencies warn that these campaigns are highly effective because they exploit trust rather than platform vulnerabilities. Users are strongly advised to never share verification codes, avoid clicking unknown links, and regularly review linked devices on their accounts. Experts emphasize that legitimate services like Signal will never ask for sensitive login details via messages or social media.


NPAV offers a robust solution to combat cyber fraud. Protect yourself with our top-tier security product, FraudProtector.net