Signal backup phishing is a growing threat that targets users’ sensitive backups. Hackers use fake support messages to trick users into giving up their recovery keys.

Signal backup phishing

Signal backup phishing starts with a message that claims to be from Signal’s support team. The message warns that your backups are “at risk of permanent loss due to a sync issue.”

Additionally, it instructs you to send your recovery key to link your backup to your account. The real goal is to steal your data by getting control of the backup recovery key.

Consequently, this is a phishing scam. The hackers want access to your private chat backups, which may include photos and files.

Signal backup phishing is not limited to one group or region. According to the original source, both activists and regular users have been targeted.

Furthermore, Signal highlights that its official support will never contact users first. Real support will never ask for registration codes, PIN, or recovery keys.

If you receive such a message, you should never share your recovery key. Your recovery key is private and only you should have access to it.

Signal backup phishing campaigns have shifted focus recently. Hackers are now targeting backups instead of just hijacking accounts.

This change is significant because older messages and media are stored in these backups. If a hacker gains the recovery key, they could access your entire backup archive.

Additionally, Signal has recently introduced Secure Backups, which require a recovery key for access. The key never leaves your device and should be protected securely.

Therefore, the best defense against signal backup phishing is never to share your recovery key with anyone. Signal backup phishing can only succeed if you give away your private information to hackers pretending to be official support.

For more details, read the TechCrunch report about this ongoing campaign.

Tags: Signal backup phishing, Signal phishing attacks, Signal backup security, Signal recovery key scam, Secure Signal backups, Signal data protection, Phishing scam Signal, Signal account security