Signal Users Warned of Phishing Scam Targeting Recovery Keys

A phishing campaign is targeting Signal users by sending fraudulent messages that impersonate Signal Support, aiming to steal backup recovery keys for accessing encrypted message archives. The messages contain red flags such as threats of data loss, requests to paste recovery keys into chats, and unverifiable sender names. If attackers gain access to a user's recovery key, they can decrypt message histories, posing a greater risk than mere account hijacking.

Security recommendations include treating unsolicited support messages as suspicious, never sharing sensitive codes, and using additional security features offered by apps like Signal.