Phishing Targeting Signal Users: Attackers Demand Backup Keys

Colleagues, I’d like to draw attention to a new wave of phishing targeting Signal users.
Josh Rogin shared a screenshot showing attackers posing as “Signal Support,” demanding a recovery key under the pretext of “synchronization” and threatening loss of backups. Mohammed Al‑Maskati from Access Now confirmed similar reports, indicating a broader campaign.
Key points:
- The recovery key is used to decrypt Secure Backups; Signal never asks for codes, PINs or keys.
- Do not share keys or codes. Store keys in a password manager or offline. Enable Registration Lock.
Why it matters: leaking the key grants access to past messages and files, compromising privacy.
Have you encountered similar phishing attempts?
#cybersecurity #phishing #Signal #infosec


Latest comments
No comments yet.