Fake Customer Support Messages Are Stealing Passwords. How to Spot the Scam

A sophisticated scam has been stealing passwords from thousands of people by pretending to be legitimate customer support messages. The Security Service of Ukraine and the FBI uncovered a long-running campaign where attackers send fake text messages that look like security alerts from messaging apps. These messages claim there is a problem with your account and ask you to click a link to verify your identity. When you click and enter your password, the scammers steal it. This campaign initially targeted government officials, military personnel, politicians, and activists in Ukraine, Europe, and the United States. However, the same tactics can be used against anyone.

If you use popular messaging apps and have received unexpected security alerts or support messages, you could be affected. The scam relies on tricking people into thinking the message is real and urgent.

Take these steps immediately. First, delete any text messages claiming to be security alerts that ask you to click links or enter passwords. Second, never click links in unexpected messages, even if they look official. Third, if you are concerned about your account security, open the app directly or type the website address yourself instead of clicking message links. Fourth, change your passwords on all messaging apps if you think you may have responded to one of these fake messages. Fifth, enable two-factor authentication on all your accounts so a stolen password alone cannot give attackers access. Going forward, remember that legitimate companies rarely ask you to verify your password through text message links. When in doubt, contact the company directly using a phone number or website you look up yourself, not one provided in the message. Teach your family members, especially teenagers and elderly relatives, to be suspicious of urgent security messages. These scams work because they create panic and rush you into acting without thinking.