New Phishing Scam Targets Signal Users to Steal Encrypted Backup Keys

Recent technical reports have exposed a new phishing campaign targeting users of the encrypted messaging app Signal, aiming to steal backup keys for conversations.

Cybersecurity specialists have issued increasing warnings about a rise in attacks relying on social engineering tactics rather than direct technical breaches.

The attackers send messages impersonating Signal's technical support team, claiming there is a problem with backup synchronization that could result in the loss of stored chats and files.

These messages ask victims to share their backup recovery key, which is the code that enables encrypted data restoration when logging in from a new device.

Security experts caution that providing this key could allow attackers to access the contents of users’ backup files.

Digital security researchers have noted that these attacks represent an advanced form of social engineering, exploiting the high level of trust Signal holds among journalists, activists, and privacy advocates.

Reports also indicate that several digital rights workers have already received similar messages in recent days, suggesting the campaign’s scope extends beyond any single country or demographic.

Signal previously confirmed that it never requests users to share registration codes, recovery keys, or PINs via messages or email, considering any such contact a direct fraud attempt.

This phishing campaign is part of a broader wave of cyberattacks targeting secure communication applications and digital communication services worldwide.

In recent months, European intelligence agencies have warned of similar operations targeting messaging app users through social engineering methods instead of exploiting technical vulnerabilities.

Additionally, major technology companies and digital service providers have experienced data breaches and leaks this year, indicating an increased reliance by hackers on psychological manipulation to access sensitive information.

Cybersecurity professionals emphasize that the most effective defense against these attacks is raising digital awareness and refraining from sharing sensitive data or recovery keys with any party, regardless of how trustworthy they appear.

Users are also advised to enable additional security measures and verify any messages claiming to provide technical support exclusively through official channels to avoid falling victim to the growing number of cyber fraud attempts.