Signal has introduced new in-app security warnings and confirmation prompts designed to protect users from phishing and social engineering attacks targeting the encrypted messaging platform.
The changes come after a wave of attacks aimed at politicians, journalists, diplomats, and military officials in Europe, particularly Germany, where threat actors impersonated Signal support staff to hijack accounts.
Signal’s new protections add extra friction when users receive messages from unknown contacts or attempt to interact with suspicious profiles. The app will now display stronger warning messages and additional confirmations intended to give users more time to evaluate whether a request is legitimate before responding.
Signal president Meredith Whittaker said the attacks did not involve vulnerabilities in Signal’s encryption or source code. Instead, attackers relied on social engineering tactics to manipulate users into sharing verification codes, PINs, or linking their accounts to attacker-controlled devices.
One commonly reported technique involved attackers posing as “Signal Support” accounts and sending messages claiming there was a security issue requiring immediate action. Victims were then instructed to scan QR codes or provide authentication details that allowed attackers to access their accounts remotely.
In response, Signal is now making it harder to accidentally trust unknown contacts. The company said that accepting a new message request from an unfamiliar number will no longer take just a single tap and will instead trigger clearer warning notices.
The app also expanded educational messaging, reminding users that Signal employees will never contact them directly through chats to request PINs, verification codes, encryption keys, or account credentials.
German intelligence agencies previously warned that the phishing campaign was likely linked to state-sponsored threat actors. Investigators said attackers targeted high-profile individuals using legitimate Signal features rather than malware or software exploits.
Authorities warned that once attackers gained access to accounts, they could read private conversations, monitor group chats, view contact lists, and impersonate victims in additional attacks.
Signal users are being encouraged to enable Registration Lock, review linked devices regularly, and avoid interacting with unexpected support-related messages or QR codes. Security experts also recommend verifying requests through separate communication channels before sharing authentication information.