Kurzfassung
Criminals are targeting Signal users with SMS phishing that impersonates Signal Support and tricks victims into handing over their 64 character backup recovery key. Once shared, attackers can download and decrypt the user's entire...
Wie es funktioniert
Criminals are targeting Signal users with SMS phishing that impersonates Signal Support and tricks victims into handing over their 64 character backup recovery key. Once shared, attackers can download and decrypt the user's entire...
Warnzeichen
- : Unsolicited message claiming to be from Signal Support asking for your recovery key Urgent threats of permanent data loss pressuring immediate action Instruction to paste a secret key directly into a chat conversation What to do: Never share recovery keys, PINs, SMS codes, or MFA secrets with anyone, including 'support' Open the Signal app directly, not via links in the message, to verify any warning Enable registration lock, registration PIN, and disappearing messages for extra protection
Was tun
- 1Red flags: Unsolicited message claiming to be from Signal Support asking for your recovery key Urgent threats of permanent data loss pressuring immediate action Instruction to paste a secret key directly into a chat conversation What to do: Never share recovery keys, PINs, SMS codes, or MFA secrets with anyone, including 'support' Open the Signal app directly, not via links in the message, to verify any warning Enable registration lock, registration PIN, and disappearing messages for extra protection
Quelle
malwarebytes
Quelle geprueft vom Mythos Forensic Team
https://www.malwarebytes.com/blog/news/2026/05/signal-users-targeted-in-backup-stealing-phishing-attacksFAQ
Ist Phishing campaign steals Signal backup recovery keys via fake support messages ein reales Betrugsmuster?
Ja. Behandeln Sie Nachricht, Anruf oder Zahlungsaufforderung als verdaechtig, bis ein offizieller Kanal sie bestaetigt.
Was sind die ersten Warnzeichen?
: Unsolicited message claiming to be from Signal Support asking for your recovery key Urgent threats of permanent data loss pressuring immediate action Instruction to paste a secret key directly into a chat conversation What to do: Never share recovery keys, PINs, SMS codes, or MFA secrets with anyone, including 'support' Open the Signal app directly, not via links in the message, to verify any warning Enable registration lock, registration PIN, and disappearing messages for extra protection
Was sollte ich zuerst tun?
Red flags: Unsolicited message claiming to be from Signal Support asking for your recovery key Urgent threats of permanent data loss pressuring immediate action Instruction to paste a secret key directly into a chat conversation What to do: Never share recovery keys, PINs, SMS codes, or MFA secrets with anyone, including 'support' Open the Signal app directly, not via links in the message, to verify any warning Enable registration lock, registration PIN, and disappearing messages for extra protection
Kann LegalAudit meinen Fall pruefen?
Ja. Starten Sie den kostenlosen Chat und fuegen Sie Nachricht, Link, Absender oder Zahlungsdaten ein.