Security experts in Germany are on high alert following a wave of digital attacks aimed at high-ranking officials and public figures. The warning comes from the country’s top security bodies, the Federal Office for Information Security (BSI) and the Federal Office for the Protection of the Constitution (BfV). They have discovered that state-backed hackers are actively trying to get into the private lives of military leaders, diplomats, and investigative journalists across Europe.

What makes this situation different is that these attackers are not using the usual viruses or complex computer bugs. Instead, they are using social engineering. By using the regular settings and features of the Signal messaging app, these spies are finding ways to watch private chats without anyone knowing.

The Fake Support Scam

It is easy to see why people get caught out, as we are conditioned to trust official-looking alerts. Reportedly, hackers are now pretending to be the Signal Security Support team; they frequently use a ChatBot to send a direct message claiming there has been a major security breach or a leak of private data. To make people act quickly, they tell the user they must verify their account immediately or they will lose everything.

If a person falls for this, the hackers ask for a six-digit Security PIN or a code sent via SMS. After securing this code, they can register that phone number on their own device. This effectively locks the real owner out of their account, allowing the hackers to send messages as if they were that person, which could even be used to spread disinformation in group chats.

The QR Code Trap

The second method is even harder to spot because the victim can still use their account as normal. In this case, an attacker contacts the target with a believable story and asks them to scan a QR code. While the user might think they are just logging into a document or a group, they are actually linking the attacker’s device, such as a tablet or a laptop, to their own account. This gives the spy a look at the last 45 days of chat history and lets them read every new message as it arrives.

[Image: Actual screenshot from the scam (Image via German Authorities)]

To stay safe, security experts suggest ignoring any messages that claim to come from support, as real Signal staff will never message you directly for a PIN or code. You should also check the Linked Devices section in your settings and delete any unrecognised gadgets immediately. Lastly, turning on a Registration Lock ensures that even if someone gets your SMS code, they cannot take over your account without your secret PIN.

Deeba is a veteran cybersecurity reporter at Hackread.com with over a decade of experience covering cybercrime, vulnerabilities, and security events. Her expertise and in-depth analysis make her a key contributor to the platform’s trusted coverage.