How Privacy Messaging Apps Prevent Social Engineering Attacks

15 May, 2026

10:00 AM UTC

Many mainstream messaging applications are becoming a threat to everyday privacy. Even self-proclaimed end-to-end encrypted messengers are compromising user privacy. Recent warnings from Dutch and German intelligence agencies have highlighted the growing risks.

The Anti-Phishing Working Group tracked around 3.8 million phishing attacks globally in 2025, which shows how prevalent and severe social engineering attacks have become. Q2 2025 alone saw 1,130,393 phishing attacks, one of the highest quarterly numbers ever recorded.

The General Dutch Intelligence Agency (AIVD) and the Dutch Military Intelligence and Security Service (MIVD) revealed an ongoing Russian-backed campaign targeting users of Signal and WhatsApp. The attacks themselves are not technically sophisticated. Instead, they rely on classic social engineering tactics.

Consumer messaging apps with end-to-end encryption are designed primarily for personal use. While they provide strong encryption, they still collect personal data and critical metadata, including phone number, email ID, and location, which compromises privacy. Collecting phone numbers in particular gives malicious actors a way to employ social engineering.

In this blog, we’ll discuss the major attack vectors and how privacy messaging apps can help protect users from any form of malicious attack.

What Is A Social Engineering Attack?

Social engineering attacks are a broad range of malicious attacks accomplished through human interaction. They happen in one or more steps, come in different forms, and can be executed wherever human interaction is involved.

Here are some of the social engineering attack techniques:

  • Baiting: Luring victims with an attractive offer or free item to trick them into revealing information or installing malware.
  • Scareware: Using fake security warnings or threats to pressure users into downloading malicious software or paying money.
  • Pretexting: Creating a fabricated scenario or identity to gain someone’s trust and extract confidential information.
  • Phishing: Sending deceptive emails or messages pretending to be legitimate organizations to steal login credentials or sensitive data.
  • Spear Phishing: A highly targeted phishing attack customized for a specific individual or organization to increase credibility and success.

Recent Social Engineering Attacks

Recent cybersecurity reporting confirms that phishing has expanded far beyond email and now actively targets messaging platforms such as WhatsApp, Signal, Telegram, SMS, and workplace chat tools.

These tools are increasingly used for social-engineering attacks, where attackers impersonate trusted contacts or support teams.

Security agencies have also warned that attackers are successfully compromising messaging accounts through phishing and impersonation tactics rather than by breaking the encryption itself. They do this through OTP, SIM swap, PIN, and security-code-based attacks, with phone numbers being the primary cause.

In 2026, the Federal Bureau of Investigation reported large-scale campaigns targeting messaging users by posing as platform support staff and tricking victims into sharing verification codes or clicking malicious links.
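
The support-impersonation lure described above can be screened for on the receiving side. The following Python is an added example, not code from the original post or from any messaging app; the wording lists, sample messages and the block/review/allow verdicts are constructed assumptions. It treats a request to hand over a code as decisive, while letting through genuine code-delivery messages that warn the user not to share the code.

```python
import re

# Constructed wording lists for illustration; not a vetted ruleset.
CLAIMS_SUPPORT = re.compile(
    r"\b(support|security|help ?desk)\s+(team|staff|bot|center|centre)\b", re.I)
CODE_TERM = r"(verification code|security code|one[- ]time (code|password)|otp|pin)"
ASKS_FOR_CODE = re.compile(
    r"\b(send|share|reply with|forward|tell|give|provide|confirm)\b"
    r"[^.!?]{0,60}\b" + CODE_TERM + r"\b", re.I)
NEGATED = re.compile(r"\b(do not|don't|never)\s+$", re.I)
HAS_LINK = re.compile(r"https?://\S+", re.I)
URGENCY = re.compile(
    r"\b(immediately|urgent|suspended|locked|deactivated|within \d+ (minutes|hours))\b", re.I)

# Constructed sample messages.
SAMPLES = [
    "Signal Support Team: we detected suspicious activity. "
    "Reply with the verification code we just sent you to keep your account.",
    "Your verification code is 482-913. Do not share your verification code with anyone.",
    "WhatsApp Security Team: your account will be suspended. "
    "Verify now at https://example.invalid/verify",
    "Never share your PIN. This is the support team, please send the security code now.",
    "Lunch at 1? I'll share the slides after.",
]

def asks_for_code(message: str) -> bool:
    """True if any request for a code is not itself a 'do not share' warning."""
    return any(not NEGATED.search(message[:m.start()])
               for m in ASKS_FOR_CODE.finditer(message))

def assess(message: str) -> dict:
    signals = {
        "claims_support": bool(CLAIMS_SUPPORT.search(message)),
        "asks_for_code": asks_for_code(message),
        "has_link": bool(HAS_LINK.search(message)),
        "urgency": bool(URGENCY.search(message)),
    }
    # Assumption: a request to hand over a code is decisive on its own.
    if signals["asks_for_code"]:
        verdict = "block"
    elif signals["claims_support"] and (signals["has_link"] or signals["urgency"]):
        verdict = "review"
    else:
        verdict = "allow"
    return {"verdict": verdict, "signals": signals}

if __name__ == "__main__":
    for text in SAMPLES:
        print(assess(text)["verdict"], "|", text)
```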

Even though these apps are end-to-end encrypted, they are not entirely free of attack vectors. One solution here is to remove the attack surface, the phone number, altogether.

Private Messaging, By Design

The BChat privacy messaging app protects against these types of social engineering attacks by routing data through a decentralized network of nodes, which removes central points of failure, by removing the need for phone numbers, and by providing E2EE, which secures communication against interception.

How Decentralized Messaging Combats Social Engineering

No Centralized Compromises: Private messaging platforms avoid centralized servers, where a single hack can expose the stored data of millions of users. Decentralized messengers distribute data across multiple nodes or store encrypted data locally on user devices.

End-to-End Encryption: Privacy-focused messaging apps are built with end-to-end encryption to ensure protection against interception.

No Metadata Collected: Metadata exposes personal information through activity graphs. Some end-to-end encrypted messengers collect metadata and employ it for targeted ads and other purposes.

Stay Private, Stay Secure

Cyber threats and social engineering attacks are evolving rapidly. End-to-end encrypted messaging apps today require more than just buzzwords to secure user privacy. Privacy today depends entirely on how messaging platforms handle identity and metadata, relay messages, and build their apps from the ground up.

In an era where personal data is constantly exposed to tracking, surveillance, and manipulation, choosing the right messaging platform has become an essential part of protecting digital privacy.
