Bitdefender warns journalists on phishing & source safety

Bitdefender has issued cybersecurity advice for journalists on phishing, device security and source protection, addressing risks faced by staff reporters, freelancers and investigative journalists.

The guidance covers physical safety, account security, travel precautions and the growing use of artificial intelligence tools that may expose sensitive reporting material. It warns that threats range from cybercriminals seeking credentials to state-linked groups using spyware and impersonation.

Broad threats

Speakers described operational security for journalists as controlling what others know about their personal and professional lives to protect sources and prevent interference in reporting. Sensitive information can include a home address, phone number, email account, IP address and details about family members or close contacts.

Exposure can lead to harassment, account compromise, impersonation or physical danger. The session argued that journalists should match their defences to the threat they face, rather than treat cyber risk as a narrow issue limited to hacked inboxes.

Phishing featured heavily in the recommendations. Attackers often rely on trust and urgency rather than technical sophistication, with spear-phishing attempts tailored to individual reporters through personalised messages, documents or requests.

The speakers also framed social engineering as a broader problem than email scams alone, warning that phone calls and in-person impersonation can be used to extract information or gain access to systems and devices.

"Validating unusual requests through alternate channels before action," said Bogdan Botezatu, Director of Threat Research and Reporting at Bitdefender.

Device risks

Mobile phones were identified as a major weak point, especially Android devices. Malware or spyware on a handset may gain access to location data, cameras, calls, messages and stored files, creating serious risks for reporters handling confidential information.

The session recommended keeping physical control of devices and avoiding apps from untrusted sources. It noted that iPhones face fewer routine threats but are not immune, particularly when advanced attackers exploit so-called zero-click flaws that require no user interaction.

For higher-risk reporting, the guidance urged journalists to separate work and personal devices, keep phones switched off when not in use and avoid opening suspicious files on primary machines. Full-disk encryption and limiting app installations were presented as basic precautions rather than specialist measures.

Account security was another central theme. Reusing credentials across cloud services was described as a growing problem because passwords exposed in one breach can quickly be tested elsewhere. The recommended response was to use unique passwords, store them in a password manager and enable multi-factor authentication.

Authenticator apps or hardware keys were presented as stronger options than SMS codes. The speakers warned that SMS-based verification remains vulnerable to SIM swapping, making it less suitable for higher-profile targets.

Freelance exposure

Freelancers and investigative reporters were singled out as facing sharper risks because they often work outside a company IT structure. Without that support, malicious links, infected documents and spoofed contacts may be harder to spot and easier to act on under deadline pressure.

The session advised journalists to verify suspicious approaches through a separate channel before replying or downloading anything. It also suggested compartmentalising communications so different sources are handled through different accounts or apps, reducing the risk of accidental crossover.

Encrypted messaging services such as Signal and WhatsApp were recommended over SMS for day-to-day communication. For more sensitive work, the session discussed secure email providers and privacy-focused operating systems such as Tails OS as ways to reduce metadata exposure and avoid leaving traces on devices.

Travel measures

Border crossings were described as a point of heightened exposure because devices may be inspected or seized. Recommendations included storing sensitive material in encrypted vaults, travelling with burner or sanitised devices where practical, and turning devices off before crossing a border to clear volatile memory.

Biometric unlocking was discouraged in those situations because legal protections may be weaker than for passcodes. The workshop also encouraged journalists to store notes offline where possible and encrypt removable media.

AI caution

The guidance also focused on digital footprint monitoring and the risks linked to AI tools. Journalists were told to review what information about them is publicly visible online and limit unnecessary social media exposure, because aggregated data from breaches and public profiles can reveal detailed patterns about relationships and movements.

AI chatbots were flagged as another source of exposure. The speakers warned that unpublished reporting, draft stories or source details entered into online AI systems could be retained, leaked or used in model training. Deepfake audio was also identified as a practical threat, with fake calls potentially used to impersonate editors, colleagues or sources.

"Balancing paranoia with operational practicality," said Botezatu.