News Download & print article PDF

NCSC warns of messaging app targeting

Alongside international partners, the NCSC has issued actions for individuals at risk of targeted attacks against messaging apps.

What has happened?

Messaging apps such as WhatsApp, Messenger and Signal are an important part of how we communicate every day.

The NCSC and international partners have seen growing malicious activity from Russia-based actors using messaging apps to target high-risk individuals.

Who is affected?

High-risk individuals face a greater likelihood of attacks against their accounts due to a combination of their role and potential access to sensitive information and important people.  You might be a high-risk individual if your work or public status means you have access to, or influence over, sensitive information that could be of interest to threat actors.

The NCSC has previously reported on the targeting of government officials’ accounts by China state-affiliated APT31, Russian Federal Security Service (FSB) actor Star Blizzard and Iran's Islamic Revolutionary Guard Corps (IRGC).

Attackers may attempt to:

• Trick you into sharing login or account recovery codes.
• Add their own device to your account without you noticing.
• Join group chats without detection.
• Impersonate someone you know.
• Phish you using malicious links or QR codes.

What should I do?

While anyone can be the victim of social engineering there are key actions you can take to reduce the risks against your personal accounts:

• Do not share sensitive information via messaging apps.
• For work communications, use corporately provided messaging services and devices where available and abide by your organisation’s policies.
• Do not share verification codes or scan unexpected QR codes.
• Enable two-step verification (for Signal users this is called Registration Lock in Settings).
• Enable passkeys where available (both WhatsApp and Signal support passkeys).
• Regularly check for linked devices in settings, review group members and remove or verify any participants you do not recognise independently.
• Beware of impersonations, unknown contacts and contacts appearing more than once.
• On personal accounts use disappearing messages that automatically delete after a set period – by turning this on you will limit what a successful attacker could access if they do manage to get in. However, you should have regard to any applicable record keeping requirements.
• The NCSC’s guidance for high-risk individuals on protecting accounts and devices supports all these recommended actions and includes information on accessing Individual Cyber Defence services to further improve your personal cyber resilience.
• The following NCSC advice should be considered:
  • Device Security guidance - choosing an enterprise instant messaging solution
  • Secure communications principles

Further advice and resources

Those working in government should follow government guidance on the use of non-corporate communications channels.

• Google has issued content about how multiple Russia-aligned actors are actively targeting Signal Messenger.
• Microsoft’s post also outlines the threat against messaging apps including lures designed to tricks users of these services.

Download & print article PDF Share Share Facebook LinkedIn X Copy Link

Published

31 March 2026

Written for

Cyber security professionals Large organisations Public sector

News type

Alert

Was this article helpful?

• Yes
• No Back to top Share Facebook LinkedIn X Copy Link ## Also see

Guidance

Defending democracy

Passkeys are the future of authentication, offering enhanced security and convenience over passwords, but widespread adoption faces challenges that the NCSC is working to resolve.
Guidance

Top tips to ensure you are doing all you can to secure you and your family online