{
  "$type": "site.standard.document",
  "bskyPostRef": {
    "cid": "bafyreic34ecpvs5mcpmuf7us6lmxjg5srxc4o4l7hkppil2jfxzhydkqmy",
    "uri": "at://did:plc:haakkg7y3xdghcdmprxeexso/app.bsky.feed.post/3mgqazgyzzyb2"
  },
  "path": "/t/cybersecurity-advisory-phishing-via-messaging-apps-signal-and-whatsapp/36124#post_6",
  "publishedAt": "2026-03-10T20:37:47.000Z",
  "site": "https://discuss.privacyguides.net",
  "textContent": "I will at my two cents here:\n\n**Attack method one:**\nAt this point I don’t think Signal can do much more against such attacks. These are so standard and easy recognizable.\nThere are two “Signal Service” Channels one called “Note to self” the other “Signal” and both have a fat blue tick next to each other. That only official Signal channels are able to have.\nBesides the fact that it is easily spotted which channel/contact belongs to the actual Signal service and which one if fake, no service in the history of tech ever tried to us for credentials in its own chat.\n\nIf people still fall for this exact attack it is a lack of critical thinking and education.\n\n**Attack method two:**\nAnd here we are with bad design choices. The all known QR-codes.\nThe problem with this QR-codes is that they are not only used for login in or login in into a different device.\n\nFor example, I can send you my Signal username/Signal user link via an QR-code instead of the username or link. This is an official-supported feature of signal.\nNow if someone wants to add me they need/can scan this QR-code with signal itself.\n\nIf I now send instead of the QR-code from my username the QR-code of a new device login, a potential victim will fall for this pretty easily.",
  "title": "Cybersecurity Advisory. Phishing via messaging apps Signal and WhatsApp"
}