Cybercriminals are attempting to gain access to the private correspondence of Signal users

Cybercriminals have launched a new type of fraud attack targeting users of the Signal messaging service, Zamin.uz reported.
According to information shared by TechCrunch, the attackers’ main goal is to gain access to users’ personal message backups. The scheme involves fraudsters posing as Signal technical support staff and sending fake messages to individuals.
Details of the situation were disclosed in international tech publications. According to evidence presented by Josh Rogin, an analyst at The Washington Post, scammers are intimidating users by claiming that a synchronization error has occurred and that all their messages may be deleted.
To “resolve” the issue, they demand that users send a secret recovery key via chat, which would grant access to online backups. If this key falls into the wrong hands, attackers could gain full access to the user’s entire message history, personal photos, and sent documents.
Mohammed Al-Maskati, head of digital security at Access Now, warned that these attacks are not limited to political figures or specific groups but could target any user. He emphasized that compromising the recovery key is only the first stage of the attack.
Cybercriminals may then attempt to take full control of the account, posing a serious threat to user data security.
Signal’s administration issued an official statement urging users to remain vigilant. Company representatives stressed that support staff never initiate contact with users first.
Furthermore, they never ask for registration codes, secret PINs, or recovery keys. Any suspicious messages from accounts claiming to offer technical support should be treated as fraudulent.
Users are strongly advised not to follow instructions in such messages and never to disclose personal information to strangers.





