Signal phishing attacks: BfV and BSI update warning
BSI and the domestic intelligence service update their warning about phishing attacks on high-ranking individuals.
Examples of phishing attacks that BfV and BSI are once again warning about.
(Image: BSI / editing: heise medien)
In February, the domestic intelligence service (BfV) and the Federal Office for Information Security (BSI) warned of phishing attacks on high-ranking individuals such as politicians, military personnel, and diplomats, as well as investigative journalists. Over the weekend, the authorities updated their warning.
The updated security notice from the domestic intelligence service further explains that the attacks are “likely carried out by a state-controlled cyber actor.” The goal is to spy on communication, for example via the Signal messenger. The authorities now warn that the campaign is still active and is gaining momentum.
Guide with assistance
The two authorities have now created a guide that is intended to help determine whether one has already fallen victim to the phishing wave and what countermeasures should be taken based on this. To this end, the guide shows example phishing messages that the attackers are sending. If recipients have responded to the messages, the document explains how victims should react correctly. If access to the account is still possible, victims should change their Signal PIN. After that, they should delete their account – not the app – and create a new one with a new PIN. The registration lock should then ideally be activated. The authorities also recommend using self-destructing messages whenever possible.
If access to the account is no longer possible, the attackers have already taken it over. The guide is not entirely consistent here, because even in this case, victims should change their PIN, which should be difficult without access. In addition, those affected should inform their contacts about the incident, for example by phone or email. They should block the compromised account in their contacts. Chat groups that the compromised contact participated in should be deleted and recreated. In addition, victims should contact Signal support and have the old, taken-over account deleted.
In March, the Dutch MIVD and AIVD warned of a large-scale, worldwide espionage campaign by Russian state actors. Signal reacted to that warning and confirmed that its infrastructure had not been compromised; the security problems were the result of sophisticated phishing. The updated warning, however, explicitly refers not only to Signal but to all messenger services, including WhatsApp & Co.
(dmk)