Phishing Scam Steals Signal Backup Keys

A new phishing campaign uses fake support texts to trick Signal users into giving up their backup recovery keys, compromising encrypted messages.

A new phishing campaign is targeting users of the secure messaging app Signal. Attackers send text messages that appear to be from Signal Support, warning of a "sync issue" that puts the user's message history and media at risk of permanent loss. The message creates a sense of urgency, instructing the recipient to take immediate action to prevent data loss. The ultimate goal of this social engineering tactic is to deceive users into revealing their 30-digit backup recovery key. This key is the only way to restore an account's message history on a new device. If attackers obtain this key, they can access the user's encrypted message archives.

This attack highlights a critical vulnerability in the human element of security, even when using highly secure platforms. While Signal's end-to-end encryption remains robust, this campaign circumvents it by targeting the user directly. The attack is particularly concerning for individuals and organizations that rely on Signal for confidential communications. If successful, the compromise of a backup key could expose sensitive conversations, contacts, and media files. This incident serves as a reminder for security teams that user education is a vital component of any security strategy, as even the most secure systems can be undermined if users are tricked into giving away their credentials.