Phishing continues to do damage and claim victims. Today, the Signal messaging app is the collateral victim of a new, particularly well-organized, large-scale attack targeting Twilio. The data of 2,000 users was stolen. We bring you up to date on this unsettling news and on the techniques for avoiding being fooled by phishing.
Messaging app caught in a scam
Strictly speaking, the victim of this phishing scam is not Signal but Twilio, a little-known company that is nonetheless essential to the proper functioning of the messaging application. The reason: it is Twilio that provides Signal with a phone number verification service when a user signs up for the messaging service. Twilio fell victim to a phishing attack, and in its fall it dragged down Signal, along with the data of 2,000 users.
How did this attack work? It targeted Twilio employees directly: they were asked to log back into their accounts by someone posing as the company's IT department. This is classic phishing. The fraudsters copied the IT department's interface to play on the employees' credulity, and it worked. Once the employees followed the fraudulent link, the scammers gained access to their credentials. From there, they were able to go after Signal users.
What messaging data was stolen?
As soon as Signal became aware of the scam, it released a statement. The messaging app began by notifying 1,900 users. An attacker could try to re-register the number on another device, or learn that the number was registered with Signal. On the other hand, and this is good news, no other data was affected (for example, message history, contact lists, profile information or any other personal data). Why? Because that data is not stored on Signal's servers. It is stored directly on the device.
The app specifies that the attacker behind this huge phishing campaign was actually looking for three numbers. He was able to get one, and was therefore able to send messages from the victim's account. For peace of mind, Signal users should re-register with the app (if prompted) and enable the Registration Lock feature (in Settings). We recommend doing this to be on the safe side, because this option was designed precisely with this kind of scam in mind.
Phishing claims many victims
It's a scam based on a childishly simple but devilishly effective scheme. Scammers simply pretend to be an official organization. The victims believe they are in the right place and let themselves be guided. They end up entering their personal data, and by then it is already too late: the information is in the hands of malicious people, who sometimes empty the victims' accounts.
Official agencies often issue press releases to warn that criminals are impersonating them. This is the case for CAF or Correos, which fraudsters often imitate in order to extract sums of money.
To give you an example of phishing, you have no doubt faced incessant calls, emails and/or SMS messages related to the CPF. The scammers are going all out. Their goal is simple: they want to gain access to your account and drain every euro from it. To avoid falling into the trap, start with one simple rule, valid for all scams.
Never enter personal information after clicking on a link received by email. If in doubt, go to the official website yourself rather than following the link in the email. Scammers are good at this. For example, they send you an email pretending to be CAF, and the site they create for the occasion is nearly indistinguishable from the official site.