In breve
Criminals are targeting Signal users with SMS phishing that impersonates Signal Support and tricks victims into handing over their 64 character backup recovery key. Once shared, attackers can download and decrypt the user's entire...
Come funziona
Criminals are targeting Signal users with SMS phishing that impersonates Signal Support and tricks victims into handing over their 64 character backup recovery key. Once shared, attackers can download and decrypt the user's entire...
Indicatori rossi
- : Unsolicited message claiming to be from Signal Support asking for your recovery key Urgent threats of permanent data loss pressuring immediate action Instruction to paste a secret key directly into a chat conversation What to do: Never share recovery keys, PINs, SMS codes, or MFA secrets with anyone, including 'support' Open the Signal app directly, not via links in the message, to verify any warning Enable registration lock, registration PIN, and disappearing messages for extra protection
Cosa fare
- 1Red flags: Unsolicited message claiming to be from Signal Support asking for your recovery key Urgent threats of permanent data loss pressuring immediate action Instruction to paste a secret key directly into a chat conversation What to do: Never share recovery keys, PINs, SMS codes, or MFA secrets with anyone, including 'support' Open the Signal app directly, not via links in the message, to verify any warning Enable registration lock, registration PIN, and disappearing messages for extra protection
Fonte
malwarebytes
Fonte verificata da Mythos Forensic Team
https://www.malwarebytes.com/blog/news/2026/05/signal-users-targeted-in-backup-stealing-phishing-attacksFAQ
Phishing campaign steals Signal backup recovery keys via fake support messages e una truffa reale?
Si. Tratta messaggi, chiamate o richieste di pagamento come sospette finche non le verifichi da un canale ufficiale.
Quali sono i primi segnali?
: Unsolicited message claiming to be from Signal Support asking for your recovery key Urgent threats of permanent data loss pressuring immediate action Instruction to paste a secret key directly into a chat conversation What to do: Never share recovery keys, PINs, SMS codes, or MFA secrets with anyone, including 'support' Open the Signal app directly, not via links in the message, to verify any warning Enable registration lock, registration PIN, and disappearing messages for extra protection
Cosa devo fare subito?
Red flags: Unsolicited message claiming to be from Signal Support asking for your recovery key Urgent threats of permanent data loss pressuring immediate action Instruction to paste a secret key directly into a chat conversation What to do: Never share recovery keys, PINs, SMS codes, or MFA secrets with anyone, including 'support' Open the Signal app directly, not via links in the message, to verify any warning Enable registration lock, registration PIN, and disappearing messages for extra protection
LegalAudit puo controllare il mio caso?
Si. Apri la chat gratis e incolla messaggio, link, mittente o dati di pagamento per un triage.