If you’ve never used Signal, it’s basically a messaging app like WhatsApp, but built with privacy at its core. It’s widely used by journalists, activists and even government officials because of its strong end-to-end encryption.
Now, that reputation is being tested, not because the app was hacked, but because users are being tricked.
Signal has announced a fresh set of security measures after a recent wave of phishing attacks targeted politicians, military personnel and journalists in multiple countries.
In a statement posted on social media, the company said new protections will be rolled out “in the coming weeks” to help prevent such attacks. While specific features were not disclosed, the move comes amid growing concern over coordinated attempts to compromise user accounts.
Signal On Phishing Attacks
Signal made it clear that its encryption systems have not been breached. Instead, attackers are exploiting users directly.
According to the company, phishing attempts have involved impersonators posing as Signal Support to trick users into sharing login credentials. Once access is granted, attackers effectively walk in through the “front door.”
This kind of assault also applies to other chat services such as WhatsApp, Facebook Messenger, Viber and so on.
All large messaging services have similar concerns about users being coerced into sharing confidential data. Users of those services have had their accounts hacked after the use of stolen credentials, and their associated numbers were modified without their knowledge.
Once an attacker had hacked into someone’s account, they would then access any contacts in that person’s contact list and impersonate that person to further compromise other members of their trusted circle and conduct further attacks on the vulnerable individuals whose trust they had gained.
Signal went on to say that its official support team never asks for a verification code or PIN number and reminded users to use appropriate caution.
Europe Sees Spike in Targeted Campaigns
Authorities in the United Kingdom, the Netherlands and Germany have all reported phishing attempts linked to Signal in recent months.
Officials in the Netherlands and Germany have suggested the campaign may be state-backed, with Russia suspected to be behind some of the activity. German cybersecurity agencies had already issued public warnings earlier this year, advising users on how to stay protected.
Security Debate Reaches Governments
The situation has also triggered debate at the policy level. In Germany, lawmakers are reportedly considering switching to alternative messaging platforms such as Wire, citing different privacy structures and visibility controls.
Signal has long been considered one of the most secure messaging apps, widely used by journalists, activists and even government officials.
High-profile users have included senior US officials, highlighting the level of trust placed in the platform. But recent incidents show that even the most secure systems can be undermined if users themselves are targeted.
Signal says it relies on reports from affected users to track such attacks, as it does not store user data by design.
With new safeguards on the way, the company is now under pressure to close the gap between strong encryption and real-world user vulnerabilities.
Also Read: Apple’s Next Big Event Could Finally Fix Siri & Transform Your iPhone
