PHISHING ATTACKS ON ENCRYPTED MESSENGERS: METHODS, RISKS AND PROTECTION RECOMMENDATIONS (USING THE EXAMPLE OF SIGNAL MESSENGER)
DOI:
https://doi.org/10.28925/2663-4023.2025.27.734Keywords:
Keywords: cybersecurity, phishing, encrypted messengers, Signal, device linking, QR codes, two-factor authentication, data protection.Abstract
This article analyzes phishing attack methods that pose a serious threat to encrypted mobile messengers, particularly Signal. Special attention is given to the latest techniques used by Russian hackers associated with the GRU RF, involving fake QR codes. It is demonstrated how attackers can unauthorizedly link additional devices to user accounts, enabling real-time communication tracking. The effectiveness of various security measures is examined, including Signal’s security updates, two-factor authentication, comprehensive operating system protection, and tools such as Google Play Protect.
The presented findings highlight the necessity of increased vigilance regarding QR code verification and regular monitoring of linked devices. The practical recommendations provided in this study aim to reduce the risk of account compromise, protect confidential information, and enhance users’ overall cybersecurity levels.
Additionally, the article explores potential improvements to messenger security systems, which may be beneficial for developers, government agencies, and cybersecurity professionals. Furthermore, challenges associated with integrating advanced security technologies are discussed, as well as the adaptation of traditional approaches to modern cyber threats.
Thus, this research makes a significant contribution to developing modern methodologies for countering phishing attacks, identifying future directions for the design and implementation of protective technologies for mobile platforms, ensuring a higher level of privacy and security in the digital environment.
Keywords: cybersecurity, phishing, encrypted messengers, Signal, device linking, QR codes, two-factor authentication, data protection.
Downloads
References
Chiu, D. C., Chiu, D. K. Y., & Leung, H. F. (2019). Phishing on mobile devices: Classification, risks and countermeasures. International Journal of Mobile Communications, 17(4), 531–550. https://doi.org/10.1504/IJMC.2019.10020411
Jakobsson, M., & Myers, S. (2006). Phishing and countermeasures: Understanding the increasing problem of electronic identity theft. Hoboken, NJ: Wiley. https://doi.org/10.1002/0471789447
Abu Khalaf, M. M., Zin, A. N. M., & Sahibuddin, S. (2018). Security threats analysis in mobile messaging applications. Journal of Theoretical and Applied Information Technology, 96(17), 6028–6041.
Chornyi, O. V., & Petrova, K. S. (2021). Social engineering as a tool for phishing attacks: Current trends. Bulletin of the Kyiv National University, 15, 104–112.
Omrani, R., & Souissi, N. (2018). Analysis of Telegram security for mobile communication. In Proceedings of the 15th International Conference on Security and Cryptography, 367–374. https://doi.org/10.5220/0006885303670374
Brooks, M. (2021). Phishing attacks on WhatsApp: Techniques and prevention. Computer Fraud & Security, 2021(8), 11–16. https://doi.org/10.1016/S1361-3723(21)00080-3
Schneier, B. (2015). Applied cryptography: Protocols, algorithms, and source code in C (2nd ed.). New York, NY: John Wiley & Sons. https://doi.org/10.1002/9781119183456
Anderson, R. (2010). Security engineering: A guide to building dependable distributed systems (2nd ed.). Wiley. https://doi.org/10.1002/9781118008361
Signal protocol documentation. (n.d.). Open Whisper Systems. https://signal.org/docs/
OWASP Mobile Security Project. (n.d.). OWASP Foundation. https://owasp.org/www-project-mobile-security/
Protect against harmful apps with Google Play Protect. (n.d.). Google. https://support.google.com/accounts/answer/2812853
Security updates and guidance. (n.d.). Microsoft. https://msrc.microsoft.com/update-guide
Digital identity guidelines (NIST Special Publication 800-63-3). (2017). NIST. https://pages.nist.gov/800-63-3/
Kabiri, A., & Ghorbani, A. A. (2019). Research in cyber security: A review. Computers & Security, 86, 18–26. https://doi.org/10.1016/j.cose.2019.05.012
Böhme, R. (2010). Security metrics and security investment models. In Advances in Information and Computer Security, 10–24. https://doi.org/10.1007/978-3-642-15346-4_2
Published
How to Cite
Issue
Section
License
Copyright (c) 2025 Дмитро Прокопович-Ткаченко, Володимир Звєрєв, Валерій Бушков, Борис Хрушков
This work is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License.
