The FBI has issued a warning about ongoing phishing attacks linked to Russian intelligence groups that are targeting users of encrypted messaging apps like Signal and WhatsApp.
These attacks have already affected thousands of accounts worldwide.
According to the FBI, the attackers are not breaking encryption itself. Instead, they are gaining access by tricking users into handing over control of their accounts. This means that even though messages remain encrypted, the attackers can still read them once they take over the account.
The campaign mainly focuses on Signal users, but the methods can be used on other messaging platforms as well. Victims are often people with access to sensitive information, including government officials, military personnel, journalists, and political figures.
These attacks usually begin with phishing messages that pretend to be from official support accounts. The messages ask users to take certain actions, such as sharing a verification code or scanning a QR code. Once the user follows these instructions, the attacker can link the account to their own device and gain full access.
After gaining access, attackers can read private conversations, view contact lists, and even send messages pretending to be the victim. This makes it easier for them to target more people, as messages coming from a trusted contact are more likely to be believed.
Security agencies in the Netherlands and France have also reported similar campaigns, confirming that these attacks are happening across multiple countries and are still ongoing.
The FBI has made it clear that the encryption used by these apps is still secure. The problem lies in users being tricked into giving access, not in the technology itself.
If this article helped you, please consider supporting our work. Every small contribution keeps Abijita.com independent and running.
To stay safe, users should be cautious of unexpected messages, especially those asking for codes or urging them to scan QR codes. It is important to never share verification codes with anyone, even if the request appears to come from an official source.
