Find notable cyber news and cases, enriched with sources, timelines, and signals.

Signal adds in-app phishing confirmations and warning messages

Security Tool/Service
First reported
Last updated
Happening score
H score 14
1 unique sources, 1 articles

Summary

Hide ▲

Signal added in-app confirmations and warning messages to slow phishing and social-engineering attempts that could expose accounts, chats, and contacts. The update matters because it adds friction before users approve suspicious external requests. It also warns users that Signal will never ask for a registration code, PIN, or recovery key. The change is aimed at reducing fraud driven by bogus support impersonation and device-linking abuse.

Related Happenings

Signal Backup Recovery Key phishing mitigation

Advisory/Mitigation
H score25 First: 27.06.2026 01:06 Last: 27.06.2026 01:06 Sources 1

About this happening: The **FBI** and **CISA** updated mitigation guidance for **Signal users** after a phishing operation began targeting **Backup Recovery Keys**, which can expose **historical messag...

Suspected Russia-linked Signal phishing campaign targeting political accounts

Campaign
H score18 First: 28.04.2026 13:54 Last: 28.04.2026 13:54 Sources 1

How related: All incidents were attributed to Russian state-sponsored hackers, who abused the Linked Device feature to gain access to the target’s account, chats, and contacts lists.

About this happening: A **suspected Russia-linked** phishing campaign on **Signal** compromised about **300 political-sphere accounts**, exposing chats, ongoing conversations, and address books. Victim...

Latest development: 12.05.2026 22:40

Signal introduced new in-app confirmations, warning messages, and educational prompts to help users resist phishing and social engineering attempts, including bogus Signal Support lures and requests to scan QR codes or share registration codes, PINs, or recovery keys.

Deepfake finance and identity defenses shift to verbal passcodes and callback checks

Defensive Guidance
H score42 First: 27.04.2026 16:00 Last: 27.04.2026 16:00 Sources 1

About this happening: **AI deepfake** fraud defenses are shifting toward **verbal passcodes**, **callback verification**, and a **pause-before-act** policy for **high-value financial requests**. These...

NCSC alert on messaging-app targeting of high-risk individuals

Public Sector Action
H score30 First: 02.04.2026 17:15 Last: 02.04.2026 17:15 Sources 1

About this happening: The **UK National Cyber Security Centre (NCSC)** issued a **March 31 alert** warning that **Russia-based actors** were targeting **high-risk individuals** through messaging apps,...

WhatsApp anti-scam protections now warn on fraudulent device-linking requests

Security Tool/Service
H score14 First: 26.03.2026 16:06 Last: 26.03.2026 16:06 Sources 1

About this happening: **WhatsApp** rolled out **anti-scam protections** that warn users when **device-linking requests** look suspicious, adding a new user-facing control against **fraudulent account-l...

Timeline

  1. 12.05.2026 22:40 2 articles · 1mo ago

    Signal adds anti-phishing confirmations

    Mitigation Patch Update

    Signal introduced new in-app confirmations, warning messages, and educational messaging to slow phishing and social engineering attempts against Signal users. The update adds legitimacy cues such as 'Name not verified' and 'No groups in common', prompts users to confirm new requests, and reminds them that Signal will never ask for a registration code, PIN, or recovery key.

    Show sources