If you are a Signal user, be on the alert for a new phishing campaign that attempts to steal recovery keys used to access cloud backups.
If successful, the attackers could have access to entire message archives, conversations, photos and documents shared through the Signal platform. Signal is often used for highly sensitive communications, so the threat is real and could be significant.
The attackers are using fraudulent messages impersonating Signal Support, telling users that their account data is at risk because of a synchronization problem and directing users to retrieve their backup recovery key from the Signal app and paste it into the conversation. The message tries to scare users by telling them that sharing the key is to prevent permanent data loss and creates a sense of urgency.
Signal will never ask users to share credential information and will not proactively contact users asking for passwords or recovery keys, so if you receive such a request, you should know it is malicious. Cyber Insider suggests the following tips to reduce becoming victimized by this latest scheme:
- Never share a Signal recovery key, registration code, or PIN with anyone.
- Treat unsolicited messages claiming to be from “Signal Support” as suspicious.
- Verify account warnings directly within the Signal application rather than through links or instructions received in messages.
- Enable Registration Lock and other account-protection features offered by Signal.
- Store recovery keys and PINs securely in a password manager or offline location.
- Consider using disappearing messages to reduce the amount of historical data available if an account is compromised.
