Signal adds security warnings for social engineering, phishing attacks

Signal adds security warnings for social engineering, phishing attacks By Bill Toulas May 12, 2026 03:40 PM 0 Signal has introduced new in-app confirmations and warning messages as additional safeguards against phishing and social engineering attempts that could lead to various forms of fraud. The purpose is to introduce enough friction that users get the time to evaluate the safety of an external request. Recently, there have been attacks targeting high-profile users with bogus ‘Signal Support’ alerts, as highlighted by the FBI, the Dutch government, and the German authorities. All incidents were attributed to Russian state-sponsored hackers, who abused the Linked Device feature to gain access to the target’s account, chats, and contacts lists. The attack works by convincing the victim to scan a QR code or share one-time codes, supposedly as part of a verification process to protect their accounts from suspicious activity. This allows threat actors to link their device to the target account and obtain access to all the data. “To help protect Signal users from phishing and social engineering attacks, we’ve introduced additional confirmations and educational messaging in the app to help people better detect fraudulent profiles, especially message requests from scammers posing as Signal,” the vendor explained. The new protections are summarized as follows: Signal will display a ‘Name not verified’ underneath contacts that establish communication via direct messages, and also a ‘No groups in common’ to highlight the lack of any association with the recipient. When a new request arrives, Signal will prompt the user to confirm the acceptance while reminding them that it will never request their registration code, PIN, or recovery key. Safety tips are now richer, with new entries and additional info. Reminders to never respond to chats pretending to come from Signal Support will be pushed to users. Signal's new phishing and social engineering protections Source: Signal Social engineering remains one of the most effective forms of cyberattack, providing a complete bypass of existing security measures. Users should stay on high alert for suspicious messages from unknown contacts, especially requests to scan QR codes or share verification codes. Signal users should also check for rogue linked devices in settings and remove any they don’t recognize. 99% of What Mythos Found Is Still Unpatched. AI chained four zero-days into one exploit that bypassed both renderer and OS sandboxes. A wave of new exploits is coming. At the Autonomous Validation Summit (May 12 & 14), see how autonomous, context-rich validation finds what's exploitable, proves controls hold, and closes the remediation loop. Claim Your Spot Related Articles: TikTok for Business accounts targeted in new phishing campaign FBI links Signal phishing attacks to Russian intelligence services Android 17 to expand banking scam call and privacy protections Webinar this week: Prevention alone is not enough against modern attacks Hackers abuse Google ads for GoDaddy ManageWP login phishing