Security Alert: Phishing campaigns targeting messaging apps

The FBI recently released a public service announcement urging the public to be aware of phishing campaigns led by led by Russian Intelligence Services (RIS) that are targeting messaging apps, like Signal, WhatsApp, Telegram, iMessage, and similar short message service (SMS) platforms.   

The cyber-attacks are not compromising the encryption of these services, but rather focusing on user accounts and trying to extract information through phishing attempts. Cyber actors can then use this data to access your account to read messages, find your contacts, and send messages from your account.      

How the phishing attempt works

Typically, RIS cyber actors will send text messages to your account posing as support, prompting you to either click a link to fix an issue, or provide a PIN or code. Doing this will give the cyber actors full unauthorized access to your account. The phishing message may look something like this:  

Dear user, 

We noticed suspicious activity on your device, which have led to a data leak. We have also detected attempts to gain access to your private data in [APP NAME]. To prevent this, we ask you to pass verification procedure, which will take less than a minute. Please let us know as soon as you are ready. 

Best regards

[APP NAME] Support

How to protect your data 

• Be wary of messages seeking immediate action. A sense of urgency is usually a telltale sign of a phishing attempt. 

• Never provide personal data without verification. Do not click links, or provide codes for actions you did not initiate. If you’re unsure whether a message from an app is legitimate, go to the app’s website and contact Support directly. 

• Proceed with caution with unexpected messages. Unknown or unexpected messages with odd or unusual requests – even from a friend’s account – should be met with suspicion. Use another means of communication (e.g., phone call) to confirm identity. 

• Report suspicious activity. If you receive a suspicious text from a messaging service, visit the app’s website to report it. You can also report suspected phishing to the Internet Crime Complaint Center (IC3) or FBI. If you are receiving suspicious messages on an ITS-managed device, contact ITS Security immediately at its-security@med.cornell.edu.