CISA and FBI warn of phishing attack targeting WhatsApp and Signal

You probably think your messages are safe. After all, apps like WhatsApp, Signal and Telegram encourage strong encryption.

But a new warning from the Cybersecurity and Infrastructure Security Agency and the Federal Bureau of Investigation shows that attackers don’t have to break encryption at all.

Instead, they follow you.

Sign up for my FREE CyberGuy report

• Get my best tech tips, emergency security alerts and exclusive deals delivered straight to your inbox.
• For simple, real-world ways to spot scams early and stay protected, visit CyberGuy.com trusted by the millions who watch CyberGuy on TV every day.
• Plus, you’ll get instant access to my Free Scam Survival Guide when you join.

FBI WARNS ABOUT OTHER COUNTRIES’ APPS AND YOUR DATA

What was recently revealed by the FBI and CISA

According to the joint advisory, cyber actors tied to Russian intelligence are operating on a large scale. phishing campaigns target messaging apps.

These attacks don’t just happen. They focus on high-value targets such as government officials, military personnel and journalists. However, tricks can easily spread to everyday users.

Here’s the key takeaway: Hackers don’t hack apps themselves. They trick people into giving up access.

How these attacks on messaging apps actually work

This is where it gets interesting and restless. Instead of breaking encryption, attackers use phishing to gain control of individual accounts. Once inside, they can:

• Read private conversations
• Access the contact list
• Send messages as if you were you
• Launch new campaigns targeting your contacts

It becomes a chain reaction. One compromised account can quickly lead to many more. In some cases, attackers impersonate trusted contacts. That makes the scam feel real and urgent.

Why encryption is no longer enough

Encryption is still important. Protects messages as they travel between devices. But here’s the problem. When someone logs into your account, they see everything as you.

That means even the most secure app can’t protect you if your login is compromised. This is a change in the way cyber attacks work. The weak link is no longer technology. Human behavior.

AI IS NOW POWERFUL FOR CYBERATTACK, MICROSOFT WARNS

The FBI and CISA warn that attackers are targeting users of encrypted messaging apps by tricking them into giving up account access. (BackyardProduction/Getty Images)

Who is at risk of app phishing attacks?

While advice highlights high-quality targets, tactics don’t stop there.

If you use messaging apps:

• Personal conversations
• Communication at work
• Sharing sensitive information

You can be compulsive. Phishing works because it relies on simple mistakes. A quick tap on the wrong link is usually all it takes.

What does this mean to you?

This warning highlights a major trend. Cyberatta attacks get personal. Instead of attacking systems, hackers target people directly. That makes awareness your strongest defense. The more you understand how these scams work, the harder it is for attackers to succeed.

Ways to stay safe from app phishing attacks

You don’t need to be a cybersecurity expert to protect yourself. You just need to slow things down and follow a few smart habits.

1) Be suspicious of unexpected messages

If the message sounds urgent or out of place, pause. Or it looks like it came from someone you know.

2) Never click on suspicious links

Avoid links sent in messages unless you can independently verify them. Solid antivirus software can help detect suspicious behavior after a compromise. Find my picks for the best antivirus 2026 winners for your Windows, Mac, Android & iOS devices at Cyberguy.com.

3) Turn on two-factor authentication

Two-factor authentication (2FA) adds a second layer of protection even if your password is revealed.

TECH GIANTS UNITE TO FIGHT ONLINE FRAUDS

Officials say hackers can read messages, access contacts and impersonate users once they gain control of a messaging app account. (FreshSplash/Getty Images)

4) Watch for login notifications

Many applications notify when a new device logs in. Do not ignore these warnings.

5) Confirm requests in another way

If the contact asks for something unusual, call him or confirm through another channel.

6) Use a data removal service

Limit how much of your personal information is available online. Data removal services work to remove your data from merchant sites, making it harder for fraudsters to target you with phishing messages. Check out my top picks for data removal services and get a free scan to find out if your personal information is already out there on the web by visiting Cyberguy.com.

7) Keep your device and apps updated

Post updates regularly. Security patches fix vulnerabilities that attackers can exploit after gaining access.

Kurt’s priority is taking

Messaging apps feel private. They feel safe. That sense of comfort is exactly what attackers rely on. Technology is still strong. The real question is whether your habits are sustainable. So the next time a message pops up that sounds off, trust that instinct and take a second look.

Have you ever received a suspicious message that made you stop and ask if it was real? Let us know by writing to us at Cyberguy.com.

CLICK HERE TO DOWNLOAD THE FOX NEWS PROGRAM

Sign up for my FREE CyberGuy report

• Get my best tech tips, emergency security alerts and exclusive deals delivered straight to your inbox.
• For simple, real-world ways to spot scams early and stay protected, visit CyberGuy.com trusted by the millions who watch CyberGuy on TV every day.
• Plus, you’ll get instant access to my Free Scam Survival Guide when you join.

Copyright 2026 CyberGuy.com. All rights reserved.