Overview
- Germany’s BfV and BSI report active phishing targeting high-ranking politicians, military officers, diplomats, and investigative journalists in Germany and across Europe.
- In one variant, attackers pose as Signal support and solicit a PIN or SMS verification code to register the victim’s account on an attacker-controlled device and take it over.
- A second variant convinces targets to scan a QR code to link an attacker device, enabling covert access to chats and contacts, including recent messages for up to 45 days.
- Officials stress that the campaign exploits legitimate messaging features rather than any vulnerabilities, and note that WhatsApp could be abused in a similar way.
- Guidance urges users to block and report fake support messages, never share PINs or codes, enable Registration Lock, review linked devices regularly, and report suspected incidents.