En bref
Criminals are targeting Signal users with SMS phishing that impersonates Signal Support and tricks victims into handing over their 64 character backup recovery key. Once shared, attackers can download and decrypt the user's entire...
Comment ca fonctionne
Criminals are targeting Signal users with SMS phishing that impersonates Signal Support and tricks victims into handing over their 64 character backup recovery key. Once shared, attackers can download and decrypt the user's entire...
Signaux d'alerte
- : Unsolicited message claiming to be from Signal Support asking for your recovery key Urgent threats of permanent data loss pressuring immediate action Instruction to paste a secret key directly into a chat conversation What to do: Never share recovery keys, PINs, SMS codes, or MFA secrets with anyone, including 'support' Open the Signal app directly, not via links in the message, to verify any warning Enable registration lock, registration PIN, and disappearing messages for extra protection
Que faire
- 1Red flags: Unsolicited message claiming to be from Signal Support asking for your recovery key Urgent threats of permanent data loss pressuring immediate action Instruction to paste a secret key directly into a chat conversation What to do: Never share recovery keys, PINs, SMS codes, or MFA secrets with anyone, including 'support' Open the Signal app directly, not via links in the message, to verify any warning Enable registration lock, registration PIN, and disappearing messages for extra protection
Source
malwarebytes
Source verifiee par Mythos Forensic Team
https://www.malwarebytes.com/blog/news/2026/05/signal-users-targeted-in-backup-stealing-phishing-attacksFAQ
Phishing campaign steals Signal backup recovery keys via fake support messages est une vraie arnaque ?
Oui. Traitez le message, l'appel ou la demande de paiement comme suspect jusqu'a verification via un canal officiel.
Quels sont les premiers signaux ?
: Unsolicited message claiming to be from Signal Support asking for your recovery key Urgent threats of permanent data loss pressuring immediate action Instruction to paste a secret key directly into a chat conversation What to do: Never share recovery keys, PINs, SMS codes, or MFA secrets with anyone, including 'support' Open the Signal app directly, not via links in the message, to verify any warning Enable registration lock, registration PIN, and disappearing messages for extra protection
Que faire en premier ?
Red flags: Unsolicited message claiming to be from Signal Support asking for your recovery key Urgent threats of permanent data loss pressuring immediate action Instruction to paste a secret key directly into a chat conversation What to do: Never share recovery keys, PINs, SMS codes, or MFA secrets with anyone, including 'support' Open the Signal app directly, not via links in the message, to verify any warning Enable registration lock, registration PIN, and disappearing messages for extra protection
LegalAudit peut-il verifier mon cas ?
Oui. Lancez le chat gratuit et collez le message, le lien, l'expediteur ou les details de paiement.