Here’s How to Protect Yourself From This Sophisticated Signal Scam.
Signal is one of the most secure encrypted communication platforms, but that doesn’t mean it’s impervious to attackers. For example, earlier this year, the FBI was able to recover deleted Signal messages from a defendant’s iPhone thanks to a vulnerability in the way it stores notifications. ( Apple has since patched the flaw .) Now, the app has become a target for hackers posing as Signal support in a sophisticated phishing attack aimed at gaining access to secure chat backups . Here’s what you need to know to protect your Signal account.
How the latest Signal scam works.
As TechCrunch reports , attackers are using an account called “Signal Support” to send phishing messages to potential victims asking for a recovery key. The message warns that backups of messages and media files are “at risk of permanent loss due to a sync issue,” and that if the user doesn’t provide their recovery key to the “support” team, they could lose access to their account and its data. Of course, this is all a lie: with the recovery key, the attackers can unlock your encrypted chat backups, which is their clear goal.
This phishing campaign likely primarily targets activists and other high-risk Signal users, such as journalists. However, some experts speculate that this tactic may be used more broadly by multiple attackers who are exploiting users’ trust in the app’s reputation for privacy and security. The platform also recently warned users about similar scams using fake customer support accounts aimed at account takeover. Signal will never ask you for your account information, such as your PIN or recovery key, and any such requests from so-called customer support are fraudulent.
Secure your Signal account now!
If you receive a message from Signal support or any user posing as an official representative asking for credentials or keys, do not provide this information. These are hackers posing as Signal, not trusted accounts. No legitimate company or platform will contact you without asking for your logins or other sensitive information. You should also enable Registration Lock , a Signal security feature that protects your account from hacking. Registration Lock prevents Signal from being installed on a new device (without an additional PIN) and subsequently blocked from accessing it. Go to Settings > Account and enable Registration Lock to prevent such attacks.