A phishing campaign is targeting Signal users, particularly journalists and activists, by impersonating Signal Support and urging them to provide their backup recovery keys via text messages. The attackers exploit the urgency of potential data loss to convince victims to disclose sensitive information. If successful, attackers can access not only future messages but also the entire message history stored in the encrypted backup.
The campaign highlights the risks to individuals in sensitive fields, and experts advise users to be wary of unsolicited messages, enable security features, and avoid sharing authentication details. Similar phishing attempts have targeted high-profile individuals in Germany, raising concerns of state-sponsored espionage.