"We are aware of recent reports regarding targeted phishing attacks that have resulted in account takeovers of some Signal users, including government officials and journalists. We take this very seriously... To be clear: Signal's encryption and infrastructure have not been compromised and remain robust. These attacks were executed via sophisticated phishing campaigns, designed to trick users into sharing information—SMS codes and/or Signal PIN—to gain access to users' accounts."
"Attackers impersonate trusted contacts or services (such as the non-existent Signal Support Bot) to trick victims into handing over their login credentials or other information. To help prevent this, remember that your Signal SMS verification code is only ever needed when you are first signing up for the Signal app."
"Signal Support will *never* initiate contact via in-app messages, SMS, or social media to ask for your verification code or PIN. If anyone asks for any Signal related code, it is a scam. While we build robust technical safeguards, user vigilance is ultimately the best defense against phishing."
Signal reported targeted phishing attacks resulting in account takeovers of government officials and journalists. The attacks exploited social engineering tactics, with attackers impersonating trusted contacts or fake Signal Support services to trick users into sharing SMS verification codes and PINs. Signal emphasized that its encryption and infrastructure remain secure and uncompromised. The company clarified that SMS verification codes are only needed during initial app signup and that Signal Support never initiates contact requesting verification codes or PINs. Signal is implementing additional technical safeguards and interface improvements while emphasizing user vigilance as the primary defense against phishing attacks.
Read at www.mediaite.com
Unable to calculate read time
Collection
[
|
...
]