Signal Adds In-App Warnings to Combat Phishing Attacks Targeting Linked Devices
Signal introduced new in-app security warnings to counter phishing and social engineering attacks that exploited its 'linked devices' feature, following warnings from the FBI and CISA about Russian-linked hackers targeting the platform.
Signal has rolled out new in-app security warnings to protect users from phishing and social engineering attacks that have increasingly targeted the encrypted messaging platform. The move comes after the FBI and CISA issued a warning in March stating that Signal had become a primary target of Russian intelligence-linked hackers. Dutch and German security authorities were among the first to identify phishing campaigns specifically designed to compromise Signal accounts.
The attacks centered on Signal's 'linked devices' feature, which allows users to sync their account across multiple devices. Attackers contacted targets while posing as trusted entities, such as support teams or known contacts, and prompted them to scan a QR code or approve a device-linking request. Once approved, the attacker's device became linked to the account, allowing them to read messages as they were sent and received. In other cases, attackers attempted to take over accounts by persuading users to share one-time verification codes or PINs, often under the guise of a security-related request.
To counter these threats, Signal has introduced several new protections. One key addition is a 'name not verified' warning that informs users that profile names on Signal are not verified and can be chosen freely by account holders, making impersonation attempts easier. The company also added an extra confirmation step when users accept message requests. After the initial request screen, a second prompt reminds users to only accept requests from trusted contacts and warns that Signal will never ask for registration codes, PINs, or recovery keys.
Additional changes include expanded in-app safety tips advising users not to respond to chats claiming to be from Signal, carefully review profile names and photos, and remain alert for phishing and impersonation scams. Signal stated that these measures are part of an ongoing effort to improve user security and that 'more changes are on the way.'
The phishing campaigns targeting Signal highlight the growing sophistication of social engineering attacks, even on platforms known for strong encryption. By exploiting the trust users place in the platform's security, attackers have found a way to bypass technical protections. Signal's response demonstrates a proactive approach to user education and interface-level defenses, which are critical in an era where human error remains a primary vector for compromise.
Security experts have praised Signal's move, noting that in-app warnings can be highly effective when they interrupt risky user actions. However, they caution that no single measure is foolproof and that users must remain vigilant. The FBI and CISA continue to monitor the threat landscape, and Signal's updates represent a significant step in protecting its user base from state-sponsored phishing campaigns.