Signal Phishing: Hackers Don’t Need to Break Encryption If You’ll Just Hand Over Your Account
German security agencies: “Hey, that ‘Signal Support’ texting you? That’s not Signal.”
German intelligence dropped a warning this week that’s almost embarrassing in how simple it is: state-sponsored hackers are going after Signal users—politicians, military, journalists—and they’re not breaking any encryption to do it.
They’re just… asking nicely. And people are falling for it.
The Scam Is Stupidly Simple
No malware. No zero-days. Just social engineering, the oldest trick in the book.
Version 1: Fake Support
Someone pretending to be “Signal Support” or a “Signal Security ChatBot” messages you. They say your data’s about to be lost. Scary! Better give them your Signal PIN or SMS verification code, right?
Wrong. But people do it anyway.
Once they have that, attackers register your account on their device. They get your contacts, your settings, every message from that point forward. You get locked out. And then the fake support helpfully guides you through setting up a new account—except now your identity is theirs.
Version 2: The Sneaky QR Code
This one’s worse in a way. Attackers trick you into scanning a QR code that links their device to your account. No dramatic lockout. You keep using Signal normally.
Meanwhile, every message you send and receive gets mirrored to someone else’s phone. Including 45 days of chat history. You’d never know unless you checked your linked devices.
Why Should You Care?
Even if you’re not a diplomat or journalist, this matters.
One compromised account exposes every group chat that person is in. For a journalist, that’s sources. For a diplomat, that’s negotiations. For you, it might be your family group chat or your work Slack alternative.
The German agencies put it bluntly: “Successful access to messenger accounts not only allows confidential individual communications to be viewed, but also potentially compromises entire networks via group chats.”
Who’s Doing This?
The advisory doesn’t name names directly, but the targeting profile screams Russia. Similar campaigns have been tracked by Microsoft and Google under names like Star Blizzard and UNC5792. They’ve run identical tricks against Ukrainian military and government targets.
This German campaign looks like expansion—same playbook, new targets.
This Isn’t Just About Signal
Same week, same vibes:
- Norway blamed Chinese hackers (including Salt Typhoon) for compromising organizations through network devices
- Poland’s CERT tied attacks on 30+ energy facilities to Russian group Static Tundra
- Iranian cyber actors got called out for targeting dissidents in Norway
Nation-states are going after communication channels now. Why bother hacking the network when you can just read the messages?
What To Actually Do
Stop doing this:
– Engaging with anyone claiming to be “Signal Support” via message (Signal doesn’t do that)
– Sharing your PIN with anyone, ever
– Scanning QR codes from messages without thinking
Start doing this:
– Turn on Registration Lock (Settings → Account → Registration Lock). This stops anyone from hijacking your number.
– Check your linked devices regularly. Settings → Linked Devices. Anything you don’t recognize? Remove it.
– Verify weird requests through official channels. Got something suspicious? Go to signal.org directly.
The Actual Lesson
Here’s the annoying truth: end-to-end encryption protects the pipe, not the endpoints. Signal’s crypto is still unbroken. These attacks just walk around it by compromising the user.
There’s an old saying in security: “Amateurs hack systems, professionals hack people.”
All the encryption in the world doesn’t help if someone convinces you to let them in. For high-profile targets—or honestly, anyone who values their privacy—that means staying paranoid about unsolicited requests.
The tech can only save you from yourself up to a point.
Source: The Hacker News – German Agencies Warn of Signal Phishing