Has your Signal account been hacked in the latest phishing attacks?


If you've been targeted, you'll likely have received a message from attackers disguised as official Signal communications. — Photo by Mika Baumeister on Unsplash

BERLIN: Signal users around the world are at risk of falling victim to a wave of sophisticated new cyberattacks apparently targeting political, military and business leaders who use the messaging service.

In recent months, attacks on the app have been detected in the UK, the Netherlands and most recently Germany, with the Dutch government suggesting that Russia is behind the campaign.

Security officials are now warning users to be wary of a suspected state-sponsored phishing campaign targeting Signal, an app known for its high levels of user privacy.

The German news magazine Der Spiegel reported that elected officials from virtually all parliamentary groups have been affected by the phishing attacks, as well as NATO officials and journalists.

To gain access to the address books and data of specific users, the attackers first send a message asking the user to enter a PIN, click on a link or scan a QR code. This then enables them to infiltrate internal chat groups under a false identity.

The cyberattacks are far from limited to politicians or corporations. Here is how to tell whether you may have fallen victim – and what to do about it.

What do the Signal phishing messages look like?

If you've been targeted, you'll likely have received a message from attackers disguised as official Signal communications. Typical patterns include:

  • Fake Signal chatbot: A message claims your account is at risk and asks you to enter your PIN or re-register.
  • QR codes: A link or QR code leads to a fake Signal page. On a small mobile screen, the fake URL may not be immediately obvious.
  • Cloned AI voices and social engineering: Attackers also use hijacked accounts to exploit the trust of colleagues and contacts and target them directly.
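Because a fake address is hard to spot on a small screen, the check can be done mechanically. The sketch below is an added example, not part of the original report or of Signal's software: it compares a link's real host with signal.org, the only domain this article cites. Treating that single domain as official is an assumption, and the function name and the sample links are constructed for illustration.

```python
from urllib.parse import urlsplit

# Assumption: only signal.org counts as official here, because it is the
# domain the article itself cites (support.signal.org).
OFFICIAL_DOMAINS = {"signal.org"}


def link_verdict(url: str) -> str:
    """Return 'official', or the reason the link should not be trusted."""
    try:
        parts = urlsplit(url.strip())
        host = (parts.hostname or "").rstrip(".")  # hostname is lowercased
    except ValueError:
        return "unparseable"
    if parts.scheme != "https":
        return "not-https"
    if parts.username is not None or parts.password is not None:
        # Text before '@' is login data; the site actually contacted follows it.
        return "userinfo-in-url"
    if not host:
        return "no-host"
    if not host.isascii() or any(p.startswith("xn--") for p in host.split(".")):
        # Internationalised names can look like plain Latin letters on screen.
        return "non-ascii-host"
    for domain in OFFICIAL_DOMAINS:
        # Exact match or a true subdomain. A substring or bare suffix test
        # would also accept hosts such as 'notsignal.org'.
        if host == domain or host.endswith("." + domain):
            return "official"
    return "foreign-domain"


# Constructed sample links (reserved .example names, not real indicators).
SAMPLES = [
    "https://support.signal.org/hc/requests/new",
    "https://signal.org.account-check.example/pin",
    "https://signal.org@login.example/verify",
    "https://notsignal.org/",
    "http://signal.org/",
]

if __name__ == "__main__":
    for link in SAMPLES:
        print(f"{link_verdict(link):16} {link}")
```

Only the first sample is reported as official; the others fail for the reason shown beside them.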

What should users never do?

Never share a PIN, registration code or personal data with anyone who says they are support staff, a security service or a government authority – on Signal or any other app. Signal, like most messaging and online banking services, will never ask for your PIN in this way.

What should I do if I am affected?

Germany's Federal Office for Information Security (BSI) has given examples of phishing messages and explained three scenarios and how anyone who has been targeted can respond.

Scenario 1: I received the message but did not respond.

Good. Even so: delete the message and block the sender. Then follow the instructions below on activating the registration lock and two-factor authentication (2FA).

Scenario 2: I entered a code and/or PIN but still have normal access to my Signal account and was not forced to re-register.

  • Step 1: Change your Signal PIN immediately via the app's settings.
  • Step 2: Delete your messenger account via the settings in the app (important: delete only the account, not the app).
  • Step 3: Create a new messenger account with a new PIN.

It should be assumed that the attackers may now know your mobile number. Anyone who considers this a serious risk and wants to be on the safe side should:

  • Step 4: Get a new mobile number and register a new messenger account with it.
  • Step 5: Activate the registration lock (instructions below), hide your mobile number and, wherever possible, activate disappearing messages.
  • Step 6: Report and block the supposed Signal support contact.

Scenario 3: I entered an SMS code and/or PIN and no longer have access to my account.

This is the worst case – the messenger account has been hacked. The attackers have taken over the entire account and can read all messages and contacts and impersonate you.

In this case: Assign a new, previously unused Signal PIN via the app settings. Inform your contacts that all communications from the time of the attack onwards may have been read – use a different communication channel (such as phone or email) to do so. The compromised account must be blocked by all your contacts.

This also applies to groups, and BSI experts advise having all accounts and any "deleted accounts" removed from all chat groups, and informing all group members to block the compromised account. It is strongly recommended to delete chat groups and recreate them; invitation links must also be newly created.

As before, anyone who wants to be safe should get a new mobile number and register a new messenger account with it. Activate the registration lock, hide your mobile number and, wherever possible, activate disappearing messages.

Afterwards, contact the real Signal support team at https://support.signal.org/hc/requests/new to have the old "lost" account deleted.

How can I protect myself?

You can take the following preventive measures to avoid falling for phishing schemes — not just on Signal:

  • Activate the registration lock: Settings → Account → Registration Lock. This prevents your account from being taken over on an unknown device.
  • Regularly check linked devices: Settings → Linked Devices. Remove anything unrecognised immediately.
  • Use disappearing messages: This limits the damage if attackers gain access.
  • Never share your PIN or registration code – not even with supposed Signal support.
  • Use strong, unique passwords for all accounts.
  • Activate two-factor authentication (2FA), an extra layer of security widely recommended by experts.

– dpa
