An investigative reporter at ProPublicer has been targeted by a series of sophisticated impersonation attempts aimed at contacting foreign military and defense officials. The incidents involve the use of the journalist's professional headshot and identity on encrypted messaging platforms like WhatsApp and Signal.
The first incident involved a Canadian military official who contacted the reporter to report an account using the journalist's name to solicit information via WhatsApp. The impostor used a Miami-based phone number and the reporter's official ProPublica headshot to pose as a legitimate media professional.
Two weeks later, a second attempt surfaced involving a Latvian businessman involved in Ukrainian drone development. The businessman reported receiving messages on Signal from an account claiming to be the reporter, attempting to discuss the application of unmanned aerial vehicles (UAVs) in the Ukraine conflict.
Phishing and Information Theft
The Latvian contact noted that the impostor refused to participate in video calls, instead requesting written communication or voice messages. The businessman eventually blocked the account after the impostor provided instructions for a 'secure' video chat that appeared to be a phishing attempt designed to compromise the businessman's email access.
While many digital scams, such as 'pig butchering' operations, focus on direct financial theft, these impersonation attempts do not appear to seek credit card information or gift cards. The focus of the messages appears centered on sensitive foreign military operations and defense technology.
Security experts note that the privacy-centric design of apps like Signal makes these attacks difficult to intercept. Because Signal does not store message content, the platform cannot automatically detect suspicious links or fraudulent patterns unless a user manually reports the account.
ProPublica's security team reported that limited recourse exists beyond reporting the fake accounts to the service providers. The identity of the actors behind the impersonations remains unknown, though the targets suggest an interest in intelligence gathering regarding international defense sectors.
