Signal has issued an urgent scam alert to users following reports that hackers are targeting prominent officials through advanced phishing attacks on the secure messaging app.
Dutch intelligence revealed a Russia-linked campaign impersonating Signal support staff to trick users into revealing SMS codes and PINs, affecting officials, military personnel, and civil servants globally.
Phishing attacks impersonate Signal support
Attackers send fraudulent messages posing as “Signal Support,” claiming suspicious activity or account issues require users to share verification codes or undergo re-verification.
These tactics bypass Signal’s end-to-end encryption by exploiting human error, potentially granting hackers full account access or device control.
Signal emphasizes its systems remain secure and unbreached, urging users never to disclose PINs or SMS codes sent during login.
Targets include high-profile users worldwide
The campaign, detected by Dutch agencies AIVD and MIVD, mirrors similar attacks on WhatsApp users and extends beyond the Netherlands to journalists, activists, and government figures.
Hackers use social engineering to create urgency, often directing victims to fake websites mimicking Signal’s interface for credential theft.
Past incidents, like NSA warnings on Russian phishing via Signal, highlight the app’s appeal to espionage due to its privacy features.
User protection tips amid rising threats
Signal advises blocking unknown messages, enabling disappearing messages, and verifying contacts through safety numbers before sharing sensitive info.
Users should avoid scanning untrusted QR codes for linked devices, a common scam vector, and report suspicious activity via the app.
WhatsApp echoed similar guidance, stressing zero tolerance for sharing six-digit codes essential for account recovery.
Broader risks from messenger app scams
These incidents underscore vulnerabilities in even encrypted platforms, where scammers exploit trust in support channels for data theft or surveillance.
Experts recommend two-factor authentication, regular PIN updates, and skepticism toward unsolicited security alerts on apps like Signal.
As phishing evolves, awareness campaigns aim to shield users from campaigns blending technical deception with psychological manipulation.
About the author – Ayesha Aayat is a law student and contributor covering cybercrime, online frauds, and digital safety concerns. Her writing aims to raise awareness about evolving cyber threats and legal responses.
