Signal adds in-app phishing confirmations and warning messages
Security Tool/Service
Summary
Hide ▲
Show ▼
Signal added in-app confirmations and warning messages to slow phishing and social-engineering attempts that could expose accounts, chats, and contacts. The update matters because it adds friction before users approve suspicious external requests. It also warns users that Signal will never ask for a registration code, PIN, or recovery key. The change is aimed at reducing fraud driven by bogus support impersonation and device-linking abuse.
Related Happenings
Suspected Russia-linked Signal phishing campaign targeting political accounts
Campaign
First: 28.04.2026 13:54
Last: 28.04.2026 13:54
Sources 1
How related:
All incidents were attributed to Russian state-sponsored hackers, who abused the Linked Device feature to gain access to the target’s account, chats, and contacts lists.
About this happening:
A **suspected Russia-linked** phishing campaign on **Signal** compromised about **300 political-sphere accounts**, exposing chats, ongoing conversations, and address books. Victim...
Suspected Russia-linked Signal phishing campaign targeting political accounts
CampaignHow related: All incidents were attributed to Russian state-sponsored hackers, who abused the Linked Device feature to gain access to the target’s account, chats, and contacts lists.
About this happening: A **suspected Russia-linked** phishing campaign on **Signal** compromised about **300 political-sphere accounts**, exposing chats, ongoing conversations, and address books. Victim...
Latest development: 12.05.2026 22:40
Signal introduced new in-app confirmations, warning messages, and educational prompts to help users resist phishing and social engineering attempts, including bogus Signal Support lures and requests to scan QR codes or share registration codes, PINs, or recovery keys.
Deepfake finance and identity defenses shift to verbal passcodes and callback checks
Defensive Guidance
First: 27.04.2026 16:00
Last: 27.04.2026 16:00
Sources 1
About this happening:
**AI deepfake** fraud defenses are shifting toward **verbal passcodes**, **callback verification**, and a **pause-before-act** policy for **high-value financial requests**. These...
Deepfake finance and identity defenses shift to verbal passcodes and callback checks
Defensive GuidanceAbout this happening: **AI deepfake** fraud defenses are shifting toward **verbal passcodes**, **callback verification**, and a **pause-before-act** policy for **high-value financial requests**. These...
NCSC alert on messaging-app targeting of high-risk individuals
Public Sector Action
First: 02.04.2026 17:15
Last: 02.04.2026 17:15
Sources 1
About this happening:
The **UK National Cyber Security Centre (NCSC)** issued a **March 31 alert** warning that **Russia-based actors** were targeting **high-risk individuals** through messaging apps,...
NCSC alert on messaging-app targeting of high-risk individuals
Public Sector ActionAbout this happening: The **UK National Cyber Security Centre (NCSC)** issued a **March 31 alert** warning that **Russia-based actors** were targeting **high-risk individuals** through messaging apps,...
WhatsApp anti-scam protections now warn on fraudulent device-linking requests
Security Tool/Service
First: 26.03.2026 16:06
Last: 26.03.2026 16:06
Sources 1
About this happening:
**WhatsApp** rolled out **anti-scam protections** that warn users when **device-linking requests** look suspicious, adding a new user-facing control against **fraudulent account-l...
WhatsApp anti-scam protections now warn on fraudulent device-linking requests
Security Tool/ServiceAbout this happening: **WhatsApp** rolled out **anti-scam protections** that warn users when **device-linking requests** look suspicious, adding a new user-facing control against **fraudulent account-l...
Signal and WhatsApp anti-phishing account-hardening guidance
Defensive Guidance
First: 21.03.2026 15:17
Last: 21.03.2026 15:17
Sources 1
About this happening:
A **UK National Cyber Security Centre (NCSC)** alert on **March 31** warned that **Russia-based actors** are increasing **targeted attacks** against **high-risk individuals** usin...
Signal and WhatsApp anti-phishing account-hardening guidance
Defensive GuidanceAbout this happening: A **UK National Cyber Security Centre (NCSC)** alert on **March 31** warned that **Russia-based actors** are increasing **targeted attacks** against **high-risk individuals** usin...
Timeline
-
12.05.2026 22:40 2 articles · 14d ago
Signal adds anti-phishing confirmations
Mitigation Patch UpdateSignal introduced new in-app confirmations, warning messages, and educational messaging to slow phishing and social engineering attempts against Signal users. The update adds legitimacy cues such as 'Name not verified' and 'No groups in common', prompts users to confirm new requests, and reminds them that Signal will never ask for a registration code, PIN, or recovery key.
Show sources
- Signal adds security warnings for social engineering, phishing attacks — www.bleepingcomputer.com — 12.05.2026 22:40
- Signal adds security warnings for social engineering, phishing attacks — www.bleepingcomputer.com — 12.05.2026 22:40