The Dutch AIVD and MIVD warn about phishing by Russian state hackers via the chat apps Signal and WhatsApp. The intelligence services emphasize that this is not due to the technology or security of the apps, but rather to the actions of the users themselves.
The threat targets individual user accounts, such as those of dignitaries, military personnel, and civil servants. Journalists can also be considered interesting targets, according to the AIVD.
To gain access to accounts, attackers try to obtain users’ verification and PIN codes. The most common method is for hackers to impersonate a Signal Support chatbot and ask for your codes. However, Signal Support does not have a Support chatbot and never contacts users via the app.
Another phishing method involves attackers trying to get users to scan QR codes or click on links, while the QR code actually links the attacker’s device to the victim’s account.
In both cases, the compromise relies on a manual action by the user. The agencies emphasize that this concerns the compromise of individual accounts and does not mean that the Signal or WhatsApp applications themselves have been compromised.
Signal targeted especially because of its good reputation
Phishing attempts are a problem for all online services. The intelligence services believe the high Russian interest in Signal is explained by the app’s strong reputation: “Signal is known as a reliable and independent communication tool and offers the option to send end-to-end encrypted messages. Because of this, it is widely used within governments to protect internal communication,” according to the AIVD.
The AIVD has published a so-called cyber advisory with tips on how users can protect themselves against malicious actors.
Signal also provides guidance on an official support page about how to protect yourself on Signal.
Signal has already responded to worldwide phishing attempts on platforms including Bluesky, Mastodon en X.
We are aware of recent reports regarding targeted phishing attacks that have resulted in account takeovers of some Signal users, including government officials and journalists. We take this very seriously. 1/7
— Signal (@signal.org) 9 maart 2026 om 17:12
To be clear: Signal’s encryption and infrastructure have not been compromised and remain robust. These attacks were executed via sophisticated phishing campaigns, designed to trick users into sharing information – SMS codes and/or Signal PIN – to gain access to users’ accounts. 2/7
— Signal (@signal.org) 9 maart 2026 om 17:12
These attacks, like all phishing, rely on social engineering. Attackers impersonate trusted contacts or services (such as the non-existent “Signal Support Bot”) to trick victims into handing over their login credentials or other information. 3/7
— Signal (@signal.org) 9 maart 2026 om 17:12
[image or embed]
To help prevent this, remember that your Signal SMS verification code is only ever needed when you are first signing up for the Signal app. To protect people from such phishing, Signal actively warns users against sharing their SMS code and PIN. 4/7
— Signal (@signal.org) 9 maart 2026 om 17:12
[image or embed]
We also want to emphasize that Signal Support will *never* initiate contact via in-app messages, SMS, or social media to ask for your verification code or PIN. If anyone asks for any Signal related code, it is a scam. We make this clear when users receive their SMS code during initial signup. 5/7
— Signal (@signal.org) 9 maart 2026 om 17:12
While we build robust technical safeguards, user vigilance is ultimately the best defense against phishing. We will continue to work on mitigating these risks via interface design and signposting throughout the app. 6/7
— Signal (@signal.org) 9 maart 2026 om 17:12
In the meantime, please stay alert, and never share your SMS verification code or Signal PIN with anyone. 7/7 support.signal.org/hc/en-us/art…
— Signal (@signal.org) 9 maart 2026 om 17:12
[image or embed]
Resta informato
Vuoi rimanere aggiornato sulle ultime novità Signal notizie, suggerimenti e aggiornamenti? Seguici su Threads, Bluesky o Mastodon.
