Signal adds in-app phishing confirmations and warning messages
Security Tool/Service
Summary
Hide ▲
Show ▼
Signal added in-app confirmations and warning messages to slow phishing and social-engineering attempts that could expose accounts, chats, and contacts. The update matters because it adds friction before users approve suspicious external requests. It also warns users that Signal will never ask for a registration code, PIN, or recovery key. The change is aimed at reducing fraud driven by bogus support impersonation and device-linking abuse.
Related Happenings
Signal Backup Recovery Key phishing mitigation
Advisory/Mitigation
H score25
First: 27.06.2026 01:06
Last: 27.06.2026 01:06
Sources 1
About this happening:
The **FBI** and **CISA** updated mitigation guidance for **Signal users** after a phishing operation began targeting **Backup Recovery Keys**, which can expose **historical messag...
Signal Backup Recovery Key phishing mitigation
Advisory/MitigationAbout this happening: The **FBI** and **CISA** updated mitigation guidance for **Signal users** after a phishing operation began targeting **Backup Recovery Keys**, which can expose **historical messag...
Suspected Russia-linked Signal phishing campaign targeting political accounts
Campaign
H score18
First: 28.04.2026 13:54
Last: 28.04.2026 13:54
Sources 1
How related:
All incidents were attributed to Russian state-sponsored hackers, who abused the Linked Device feature to gain access to the target’s account, chats, and contacts lists.
About this happening:
A **suspected Russia-linked** phishing campaign on **Signal** compromised about **300 political-sphere accounts**, exposing chats, ongoing conversations, and address books. Victim...
Suspected Russia-linked Signal phishing campaign targeting political accounts
CampaignHow related: All incidents were attributed to Russian state-sponsored hackers, who abused the Linked Device feature to gain access to the target’s account, chats, and contacts lists.
About this happening: A **suspected Russia-linked** phishing campaign on **Signal** compromised about **300 political-sphere accounts**, exposing chats, ongoing conversations, and address books. Victim...
Latest development: 12.05.2026 22:40
Signal introduced new in-app confirmations, warning messages, and educational prompts to help users resist phishing and social engineering attempts, including bogus Signal Support lures and requests to scan QR codes or share registration codes, PINs, or recovery keys.
Deepfake finance and identity defenses shift to verbal passcodes and callback checks
Defensive Guidance
H score42
First: 27.04.2026 16:00
Last: 27.04.2026 16:00
Sources 1
About this happening:
**AI deepfake** fraud defenses are shifting toward **verbal passcodes**, **callback verification**, and a **pause-before-act** policy for **high-value financial requests**. These...
Deepfake finance and identity defenses shift to verbal passcodes and callback checks
Defensive GuidanceAbout this happening: **AI deepfake** fraud defenses are shifting toward **verbal passcodes**, **callback verification**, and a **pause-before-act** policy for **high-value financial requests**. These...
NCSC alert on messaging-app targeting of high-risk individuals
Public Sector Action
H score30
First: 02.04.2026 17:15
Last: 02.04.2026 17:15
Sources 1
About this happening:
The **UK National Cyber Security Centre (NCSC)** issued a **March 31 alert** warning that **Russia-based actors** were targeting **high-risk individuals** through messaging apps,...
NCSC alert on messaging-app targeting of high-risk individuals
Public Sector ActionAbout this happening: The **UK National Cyber Security Centre (NCSC)** issued a **March 31 alert** warning that **Russia-based actors** were targeting **high-risk individuals** through messaging apps,...
WhatsApp anti-scam protections now warn on fraudulent device-linking requests
Security Tool/Service
H score14
First: 26.03.2026 16:06
Last: 26.03.2026 16:06
Sources 1
About this happening:
**WhatsApp** rolled out **anti-scam protections** that warn users when **device-linking requests** look suspicious, adding a new user-facing control against **fraudulent account-l...
WhatsApp anti-scam protections now warn on fraudulent device-linking requests
Security Tool/ServiceAbout this happening: **WhatsApp** rolled out **anti-scam protections** that warn users when **device-linking requests** look suspicious, adding a new user-facing control against **fraudulent account-l...
Timeline
-
12.05.2026 22:40 2 articles · 1mo ago
Signal adds anti-phishing confirmations
Mitigation Patch UpdateSignal introduced new in-app confirmations, warning messages, and educational messaging to slow phishing and social engineering attempts against Signal users. The update adds legitimacy cues such as 'Name not verified' and 'No groups in common', prompts users to confirm new requests, and reminds them that Signal will never ask for a registration code, PIN, or recovery key.
Show sources
- Signal adds security warnings for social engineering, phishing attacks — www.bleepingcomputer.com — 12.05.2026 22:40
- Signal adds security warnings for social engineering, phishing attacks — www.bleepingcomputer.com — 12.05.2026 22:40