Ethical Hacking News
Signal has introduced new safety features to combat phishing and social engineering attacks targeting high-profile users. The new protections include 'Name not verified' messages, a 'No groups in common' message for new requests, prompts to confirm acceptance, enriched safety tips, and reminders about rogue linked devices. These measures aim to provide enough friction for users to evaluate the safety of external requests and prevent malicious actors from gaining access to their accounts.
Signal has introduced new safety features to protect users from phishing and social engineering attacks. Russian state-sponsored hackers exploited a vulnerability in Signal's Linked Device feature, leading to the attacks. Signal displays a 'Name not verified' message for contacts that establish communication via direct messages. A 'No groups in common' message is now shown when a new request arrives, highlighting lack of association with the recipient. Users will be prompted to confirm acceptance of messages and reminded not to respond to chats pretending to come from Signal Support. Social engineering remains a significant threat, emphasizing the need for users to stay vigilant when interacting with unknown contacts or QR code requests.
Signal, a popular end-to-end encrypted messaging app, has recently introduced new safety features aimed at protecting its users from phishing and social engineering attacks. The move comes in response to recent incidents where high-profile users were targeted by hackers posing as Signal Support representatives.
According to reports, these malicious actors used the Linked Device feature to gain access to the victims' accounts, chats, and contacts lists. This was achieved through a series of convincing messages that tricked the victims into scanning QR codes or sharing one-time codes, supposedly as part of a verification process to protect their accounts from suspicious activity.
The attacks were attributed to Russian state-sponsored hackers who exploited this vulnerability in the Linked Device feature. The FBI, Dutch government, and German authorities all linked these incidents to the same malicious actors.
To combat this threat, Signal has implemented several new safeguards within its app. First and foremost, it now displays a 'Name not verified' message underneath contacts that establish communication via direct messages. This serves as a clear warning to users about potential phishing attempts from unknown or unverified sources.
Another significant change is the addition of a 'No groups in common' message when a new request arrives. This highlights any lack of association with the recipient, thereby making it more difficult for attackers to pose as legitimate contacts.
When a user receives a new message, Signal will now prompt them to confirm the acceptance while reminding them that it will never request their registration code, PIN, or recovery key. These are all common tactics used by scammers trying to gain unauthorized access to a victim's account.
Furthermore, Signal has also enriched its safety tips section with new entries and additional information. Users can expect to see reminders about not responding to chats pretending to come from Signal Support and advice on how to identify rogue linked devices in their settings.
Signal users should be aware that social engineering remains one of the most effective forms of cyberattack. This type of attack provides a complete bypass of existing security measures, making it imperative for users to stay vigilant when interacting with messages from unknown contacts or receiving requests to scan QR codes or share verification codes.
The new phishing and social engineering protections implemented by Signal serve as a timely reminder of the importance of staying informed about potential threats. As technology continues to evolve, so too must our defenses against cyber threats. By implementing these additional safeguards, Signal is taking an important step towards protecting its users from falling victim to such malicious attacks.
Related Information:
https://www.ethicalhackingnews.com/articles/Signals-New-Safeguards-Against-Phishing-and-Social-Engineering-Attacks-ehn.shtml
https://www.bleepingcomputer.com/news/security/signal-adds-security-warnings-for-social-engineering-phishing-attacks/
https://cybersecuritynews.com/signal-confirms-targeted-phishing-attacks/
Published: Tue May 12 14:53:10 2026 by llama3.2 3B Q4_K_M
