Signal Alerted Scam Warning to Users After Hackers Target Officials -

Post Views: 0

Signal Alerted Scam Warning to Users After Hackers Target Officials

“Recently, Signal issued a warning for users after hackers targeted officials.”

Following reports from Dutch intelligence that prominent users of the secure messaging app were being targeted by hackers, Signal has cautioned users to watch out for indicators of scams.

Dutch Cybersecurity Agencies, Monday

Individual Signal and WhatsApp users were the subject of an operation supported by Russia.

In an attempt to get access to accounts or take control of connected devices, hackers had pretended to be support workers. The “global” campaign had targeted civil servants, military personnel, and Dutch leaders.

Signal claims that while its systems are still safe, it is “very seriously” considering complaints of such activities.

The Military Intelligence and Security Service (MIVD) and General Intelligence and Security Service (AIVD), two Dutch intelligence services, discovered the effort.

In a news release, they claimed that the “large-scale global cyber campaign” seemed to target individuals of interest to the Russian government, including journalists and government officials.

Simone Smit, AIVD Director-General

“Neither Signal nor WhatsApp in general has been compromised. The objective is specific user accounts.”

Signal emphasized that its systems “have not been compromised and remain robust” in a number of posts on X.

Signal

“Sophisticated phishing operations were used to carry out these assaults, which were intended to fool users into divulging personal information, SMS codes, and/or Signal PINs to access their accounts.”

In so-called phishing attempts, thieves try to persuade users to provide passcodes, cash, or personal information, often by posing as friends, relatives, celebrities, or customer service representatives.

Hackers posed as Signal Support in the campaign that Dutch intelligence officials discovered in an attempt to obtain account information.

When setting up a Signal account, users are prompted to secure it with a PIN code, which it states should never be disclosed to other parties.

Additionally, consumers should not share verification codes sent to their phone numbers, according to the business.

Similar guidance has been provided by WhatsApp, which advises users not to reveal the six-digit codes that secure their accounts.

Additionally, it states that users can take additional precautions to safeguard their accounts, like blocking unfamiliar calls or messages.

‘Human bugs’

Signal has emphasized that “user vigilance” is the most effective approach to thwart phishing efforts, even though they have safeguards in place.

Muhammad Yahya Patel, Cybersecurity Advisor, Huntress, Security Firm

“Users are being used as weapons by security features.”

Hackers used to search for coding flaws. They are currently searching for human error in the way people use apps.”

Convenient features like text verification codes and QR codes for users to access their accounts on different devices have become “primary attack vectors being used by criminals.”

Additionally, users should be aware that “total security” does not equate to utilizing an app with end-to-end encryption (E2EE).

“If the device and account are compromised, this kind of encryption cannot keep them safe.”

In order to ensure that no one else may see their messages, Patel advised users to frequently check the settings on devices connected to their account.

Only the sender and recipient of a message may read it thanks to E2EE, which is used to secure conversations on Signal and WhatsApp.

Signal’s image as a highly secure software has made it popular with authorities looking to communicate securely, which is why Dutch intelligence services believe Russia targeted the app.

However, they claimed that this has also given the app “the ideal place for malicious actors” to attempt to obtain private data.

Peter Reesink, MIVD Director

“Messaging apps like Signal and WhatsApp should not be utilized as channels for sensitive, classified, or private information, even when they offer end-to-end encryption.”

Dr. Pia Hüsch, Cyber Research Fellow, Royal United Services Institute

“These apps are being exploited by numerous hostile actors in cyberspace.”

Some people might be surprised by the use of “plain old phishing attempts” in this instance.

“Although this is a rather simple method of attempting to obtain access, we sometimes think of state actors as these extremely sophisticated threat actors with all the powers and beautiful tools.”

About The Author

Suraj Koli is a content specialist in technical writing about cybersecurity & information security. He has written many amazing articles related to cybersecurity concepts, with the latest trends in cyber awareness and ethical hacking. Find out more about “Him.”

Top 10 Upcoming Cybersecurity Conferences in India