Signal phishing warning

German authorities have renewed warnings that phishing attacks on Signal users are still spreading, after reports that Bundestag President Julia Klöckner’s account was compromised. (verfassungsschutz.de) (politico.eu) The Federal Office for the Protection of the Constitution and the Federal Office for Information Security first issued a joint warning on February 6, 2026, saying a “likely state-controlled” actor was targeting senior figures in politics, the military, diplomacy, and investigative journalism in Germany. (verfassungsschutz.de) (bsi.bund.de) On April 17, the agencies said the campaign remained active and was gaining momentum. Their updated notice warned that unauthorized access to one messenger account can expose private one-to-one chats and potentially compromise entire group conversations. (verfassungsschutz.de) (bsi.bund.de) The agencies are not describing a break in Signal’s encryption. They say the attackers are using phishing and impersonation — tricking people into handing over codes, linking a new device, or trusting a fake support contact. (bsi.bund.de 1) (bsi.bund.de 2) That distinction shapes the risk. If an attacker takes over a real account, the messages look authentic to colleagues, which can expose contact lists, unpublished drafts, payment details, schedules, and plans for releasing information. (heise.de) (bsi.bund.de) Politico reported on April 22 that Klöckner, the president of Germany’s lower house of parliament and the country’s second-highest-ranking official in protocol terms, was among the victims, citing Der Spiegel. The Bundestag administration declined to comment on “security-critical infrastructure,” and Klöckner’s Christian Democratic Union did not immediately respond, Politico said. (politico.eu) Heise reported the warning was updated after the Klöckner case became public and said domestic intelligence had informed political parties and parliamentary groups about possible data leaks from affected chat groups. The report also said there was no indication that Chancellor Friedrich Merz’s own phone had been compromised. (heise.de) The German guidance tells users to treat unexpected security prompts with suspicion, verify requests through a second channel, and review linked devices and registration settings. The agencies’ message is narrower than a product warning: secure apps can protect messages in transit, but they cannot stop a user from being fooled into opening the door. (bsi.bund.de 1) (bsi.bund.de 2)