UMVA has learned that a sophisticated phishing scam is targeting users of a popular encrypted communication platform, with hackers impersonating the app's support team to gain access to secure chat backups.
The scam involves threat actors sending messages from an account titled "Signal Support," claiming that backup messages and media are at risk of permanent loss due to a sync issue, and requesting the recipient's recovery key to prevent data loss.
However, this is a clever ruse: providing the recovery key would give attackers the ability to unlock encrypted chat backups, compromising the user's sensitive information and putting their security at risk.
According to information obtained by UMVA, this phishing campaign may largely target high-risk users, such as activists and journalists, who rely on the platform for secure communication.
Experts warn that the tactic may be used more widely and by multiple threat actors, who are exploiting users' trust in the app's reputation for privacy and security.
The platform has recently warned users about similar support impersonation scams aimed at account takeover, and has emphasized that it will never ask users for their account details, such as their PIN or recovery key.
To protect your account, UMVA advises that you should never provide sensitive information to anyone claiming to be from support, and instead verify the authenticity of any requests through official channels.
Enabling Registration Lock, a security feature that protects your account from being hijacked, is also crucial; this can be done by going to Settings > Account and toggling Registration Lock on.
By taking these precautions, users can significantly reduce the risk of falling victim to this type of scam and ensure the security of their sensitive information.