WhatsApp and Signal Scams Resulting in Microsoft Account Breaches: Tips for Your Protection

Uncategorized Mihnea


Remain Alert: Cybercriminals Target Microsoft 365 Accounts through WhatsApp and Signal

For those using Microsoft 365, heightened vigilance is essential. Cybersecurity specialists are alerting users that cybercriminals are increasingly focusing on Microsoft accounts via well-known messaging platforms like WhatsApp and Signal.

A report from tech and cybersecurity outlet Bleeping Computer indicates that threat actors linked to Russia are impersonating government officials from European nations to deceive individuals into relinquishing access to their Microsoft 365 accounts. These assaults have mainly been directed at persons associated with human rights organizations and those linked to Ukraine.

The objective of the attackers is to mislead individuals into providing Microsoft authorization codes or clicking on harmful links designed to capture login credentials and temporary access codes. Cybersecurity firm Volexity has been tracking these phishing schemes since March and has released a comprehensive blog post detailing the methods employed in these attacks.

How the Fraud Operates

According to Volexity’s findings, the cybercriminals are contacting victims via Signal, WhatsApp, and even a hacked Ukrainian government email. The communications typically masquerade as meeting invitations concerning Ukraine, enticing recipients to click on malicious links.

The blog post features screenshots of the deceitful messages, serving as a valuable guide for anyone uncertain about the authenticity of a received message. If you receive a message—even more so if it pertains to Ukraine or human rights—that prompts you to click a link or share a code, treat it as a warning sign.

Safeguard Yourself

Maintain a degree of skepticism towards unsolicited messages, particularly those requesting sensitive details or directing you to unknown websites. If you are involved in a high-risk sector such as human rights or international relations, exercise additional caution and consult your IT or security personnel for best practices.

Have You Been Affected?

If you’ve encountered a scam or security compromise, Mashable would like to know. Share your experience by emailing [email protected] with the subject “Safety Net” or by using this submission form. A member of the Mashable team will reach out.

Stay secure online—and think carefully before clicking.