Intelligence agencies and platform providers have issued urgent warnings regarding a global cyber campaign aimed at hijacking accounts on encrypted messaging services. This activity primarily targets government officials, military personnel, and journalists, but the tactics can be used against any user.
The threat actors are not breaking the apps' security or "hacking" the encryption. Instead, they are using trickery to get you to give them the keys to your account. Leading platforms have confirmed their systems are still secure and have not been breached. The problem happens when users are tricked by scammers pretending to be technical support or a known friend. These scammers try to get you to share your text message verification codes or security PINs. While recent news has focused on specific apps, this trick can work on any messaging or social media platform.
Key takeaways
- The Threat: Attackers are using phishing and social engineering to take over individual communication accounts and monitor sensitive dialogues.
- Immediate Action: Never share one-time passwords (OTP), text message verification codes, or PINs with anyone. Be wary of unsolicited requests to scan QR codes to join groups or "verify" your identity.
- Stay Alert: Treat any "official" message asking for security credentials as a red flag. These platforms will almost never ask for your code through a chat interface.
- Cybersecurity First-Things-First: Review the Election Security Exchange's First Things First: Cybersecurity Fast Wins for Election Offices for helpful hints on staying safe.
Why this matters
Hackers are shifting their strategy. Instead of trying to "crack the code", they are simply walking through the front door by trying to manipulate the user. This approach is highly effective because it relies on human trust rather than technical skill, making it a threat to anyone using these platforms for sensitive work.
If someone manages to connect their own device to your account, encryption cannot protect you or the data because the attacker is viewed by the system as a "legitimate" owner of the account. They see what you see.
Users should know what to watch for:
- Authentication Requests: Receiving a text message or notification with a verification code that you did not personally trigger.
- Impersonation of Support: Messages from accounts claiming to be "System Security" or "Technical Support" asking you to provide a code to "prevent account deletion."
- Unexpected QR Codes: Prompts to scan a QR code to "sync" an account or join a secure channel that appear unexpectedly or come from unverified sources.
- Ghost Members: In group settings, look for duplicate participants or accounts that suddenly change their name to something generic like "System" or "Deleted User."
- Linked Device Notifications: Platform alerts stating that a new device has been linked to or logged into your account when you have not added one.
What to do now
The best way to protect your communications across all platforms is to implement the following security hygiene practices:
- Enable Additional Authentication: Use "Registration Lock" or "Two-Step Verification" features. This requires a secondary PIN (that you create) before an account can be moved to a new device, even if the attacker has your text message code.
- Audit Active Sessions: Regularly visit the "Linked Devices" or "Active Sessions" menu in your app settings. Immediately log out of any device or location you do not recognize.
- Use Disappearing Messages: Enable auto-delete or disappearing message timers for sensitive threads. This limits the "data at rest" available to an attacker if they manage to gain temporary access.
- Verify Identity: If a contact or colleague begins acting strangely or asks for sensitive information, verify their identity through a different mechanism, like a phone call or a separate email.
- Maintain Platform Updates: Ensure your communication apps are updated to the latest version to benefit from the most recent security patches and "suspicious login" detection features.
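As an added illustration (not the page's or any platform's own code), the following Python model shows why a Registration Lock PIN stops an account move that is attempted with the text message code alone, and why repeated PIN guesses should lock the account; the class, the attempt limit and the in-memory store are assumptions.

```python
"""Model of account re-registration protected by a Registration Lock.

Constructed illustration: the SMS code only proves control of the phone
number; moving the account to a new device also needs the user-chosen PIN.
Names, limits and storage are assumptions, not any real app's API.
"""
import hashlib
import hmac
import os

MAX_PIN_ATTEMPTS = 5  # assumed lockout threshold for wrong PINs


class Account:
    def __init__(self, phone, pin):
        self.phone = phone
        self.device = "original-device"
        self.pin_attempts = 0
        self.locked = False
        self._salt = os.urandom(16)
        self._pin_hash = self._hash_pin(pin)   # never store the PIN itself
        self.sms_code = None                    # code most recently sent

    def _hash_pin(self, pin):
        return hashlib.pbkdf2_hmac("sha256", pin.encode(), self._salt, 100_000)

    def send_sms_code(self):
        # A code the owner did not request is itself a warning sign.
        self.sms_code = f"{int.from_bytes(os.urandom(3), 'big') % 1_000_000:06d}"
        return self.sms_code

    def register_device(self, new_device, sms_code, pin=None):
        """Return (ok, reason). Both factors must pass before the move."""
        if self.locked:
            return False, "locked"
        if self.sms_code is None or not hmac.compare_digest(sms_code, self.sms_code):
            return False, "bad-sms-code"
        if pin is None:
            return False, "pin-required"      # SMS code alone is not enough
        if not hmac.compare_digest(self._hash_pin(pin), self._pin_hash):
            self.pin_attempts += 1
            if self.pin_attempts >= MAX_PIN_ATTEMPTS:
                self.locked = True            # stop online PIN guessing
            return False, "bad-pin"
        self.pin_attempts = 0
        self.sms_code = None                  # code is single use
        self.device = new_device
        return True, "moved"


def demo():
    """Attacker holding only the leaked SMS code vs. owner with code and PIN."""
    acct = Account("+15550100", "4827")       # constructed sample account
    code = acct.send_sms_code()               # the code a victim is tricked into sharing
    attacker = acct.register_device("attacker-phone", code)        # no PIN
    owner = acct.register_device("owner-new-phone", code, "4827")  # code + PIN
    return attacker, owner, acct.device
```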
For additional guidance on securing communications and protecting sensitive operations, please refer to the publicly available, nonpartisan resources at the Election Security Exchange website.