Signal Warns of Phishing Attacks, Urges Registration Lock Activation
The Signal Foundation has issued a warning about a large-scale phishing campaign targeting users in Germany, employing social engineering tactics to trick individuals into revealing their login credentials.

The Signal Foundation has alerted its users to an ongoing, large-scale phishing campaign primarily targeting politicians, journalists, diplomats, and military personnel in Germany. The attackers are not compromising Signal's encryption or infrastructure, but are instead using social engineering to deceive users.
Attackers create legitimate Signal accounts, impersonate "Signal Support," and then attempt to manipulate targets into revealing their login credentials through various deceptive messages. The foundation notes that such "social engineering" attacks, which exploit human traits like trust and fear, are a burden for any widely used messaging app as it scales.
Once login credentials are obtained, attackers can take over a victim's Signal account and attempt to change the associated phone number, which leads to de-registration of the original account. They often convince victims in advance that this de-registration is normal and prompt them to log in again. When the victim does so, they create a new account while the attacker gains control of the old one and uses it to gather intelligence from the victim's contacts and group chats.
Signal is planning to implement changes in the coming weeks that are intended to hinder these types of attacks, though specifics have not yet been revealed. The foundation reiterates that no Signal Support representative will ever request verification codes or a Signal PIN. Users are strongly advised to enable "Registration Lock" in their Signal settings for an additional layer of protection.