According to the ECB, the attack was “identified and halted quickly.” Business Insider broke the story. The news outlet claims unidentified hackers have stolen the identities of several leading German politicians, including Merkel, and are capitalizing on this to take over the social media accounts of other high-ranking figures.
What We Know About the Attack
An unnamed source told Reuters that Lagarde received an SMS text from a number that appeared to be Merkel’s asking for a WhatsApp authentication code. The hackers posing as Merkel attempted to convince Lagarde to go along with their plot, saying communicating over WhatsApp is more secure. Lagarde reportedly reached out to Merkel over the phone to confirm the odd request, and the scam was uncovered. Sharing the authentication code would have given the attackers access to Lagarde’s WhatsApp account. The ECB said it has launched an investigation into the cyber incident, adding that no information was compromised. “We have nothing more to say as an investigation is ongoing,” an ECB spokesperson said. The German Police, the Office for the Protection of the Constitution, and the Federal Office for Information Security are also investigating the incident.
Hackers Target Top German Politicians
While WhatsApp scams are neither new nor uncommon, the origin of this attack raises some concerns. There could be dire consequences if criminals successfully take over the accounts of leading figures in the political and economic sphere. According to Business Insider, the State Secretary at the German Chancellery, Jörg Kukies, is one of the politicians whose identities have been stolen. Reuters cited a letter from German law enforcement earlier this month, warning politicians about such social engineering scams. Meanwhile, German politicians have reportedly been given a five-page document to raise their awareness about social engineering attacks.
A Rise in Social Engineering Scams
There has been a spike in social engineering scams over the past few months. In such attacks, a threat actor tries to steal information, such as login credentials or security codes, from their victims. The attackers usually impersonate a trusted person, like fellow employees or IT personnel, to get the victim to lower their guard. Most social engineering scams begin with a phishing attack. However, criminals also use other sophisticated techniques to execute their nefarious campaigns. In June, a cybersecurity researcher discovered a scam where attackers convinced victims to turn on call-forwarding, and then took advantage of this to gain access to their WhatsApp authentication codes and take control over their accounts. In April, we reported on a similar social engineering scam targeting Instagram users. And in March, we reported on hackers impersonating law enforcement to trick Apple and Meta into handing over user information. If you found this story interesting and want to learn how to protect yourself from social engineering scams, our detailed guide is a great resource.
