New Phishing Scam Targets Signal Users
Cybercriminals are targeting Signal users through a sophisticated phishing campaign designed to steal backup recovery keys and gain access to encrypted message archives.
The scam begins with a message impersonating Signal Support, warning users that their account data is at risk and urging them to share their recovery key.
The attack exploits Signal's Secure Backups feature, which stores encrypted conversation archives protected by a unique 64-character recovery key.
If attackers obtain this key and gain access to an account, they can decrypt and view a user's entire message history.
Security researchers have observed the attacks targeting journalists, activists, and other high-risk individuals.
However, experts warn that the technique could quickly spread to a broader audience as cybercriminals recognize its effectiveness.
Several warning signs indicate the messages are fraudulent, including urgent threats of data loss and requests to share sensitive recovery information.
Signal has repeatedly stated that it will never ask users for recovery keys, PINs, or verification codes.
Users are advised to ignore unsolicited support messages, never share secret credentials, enable additional account protections, and verify any security alerts directly through the Signal application.
See What’s Next in Tech With the Fast Forward Newsletter
Tweets From @varindiamag
Nothing to see here - yet
When they Tweet, their Tweets will show up here.




