German agencies warn of Signal phishing campaign targeting politicians and journalists
Germany’s BfV and BSI warned about a Signal-based phishing campaign that abuses legitimate account features like PINs and device linking. No platform exploit is required — just social engineering.
Germany’s BfV and BSI issued a joint advisory describing a **phishing campaign on Signal** targeting high-value individuals (politics, military, diplomacy, investigative journalism).
**How the scam works**
- Impersonation of “Signal Support” (or a support chatbot) to request a **Signal PIN** or SMS verification code.
- Alternatively, victims are tricked into scanning a QR code to **link a device**, exposing recent messages and contacts.
**Why it matters**
This attack demonstrates that secure messengers can still be undermined through **account takeover techniques** that weaponize legitimate features.
**Defensive checklist**
- Never share verification codes or PINs via chat.
- Enable registration/lock protections.
- Audit linked devices regularly.
**Tags:** Cyber Security, Phishing, Messaging
Source: The Hacker News