Signal users targeted in backup-stealing phishing attacks

A new phishing campaign is targeting Signal users by attempting to steal their backup recovery keys to access encrypted message archives.

The attack is initiated by a text message pretending to come from Signal Support.

“Action Required: Data Recovery NeededYour Signal account data (message and media) Is at risk of permanent loss due to a sync issue.To avoid losing your messages and media:1. Go to Settings -> Backups -> Configure -> Enable backups -> View Recovery Key.2. Copy the recovery key to your clipboard.3. Paste the key into this chat.This links your existing backup to your account. Failure to do this may result in losing access to your account and all stored data.”

There are a few red flags in this message:

The “Name not verified” label under the sender