A new wave of phishing attacks is trying to steal the backups of users of Signal, the app that enjoyed a reputation as „the safest messaging on the internet." The attackers introduce themselves as Signal Support through messages inside the app, and claim that the user's backup „will be permanently lost due to a synchronisation problem." They ask the user to share the recovery key - the same key that unlocks every past message and piece of media.

The campaign initially targeted anti-China activists, but Mohammed Al-Maskati, director of the Digital Security Helpline at Access Now, confirmed that non-activists are also receiving these messages. That means one of two things: either the attack is broader than it looks, or multiple groups are behind it. Either way - a problem for the average user.

Signal is responding with a clear message: „Signal Support will never contact you first," and „it will never ask for your registration code, PIN or recovery key." Al-Maskati reminds users that stealing the key is only the first step - the attackers then have to take over the account itself for the intrusion to actually land.

A piece of advice for anyone with Signal on their phone: if you get a message from „Signal Support" - ignore it and report it. The recovery key belongs in a notebook or a password manager, never in a chat. The paradox of 2026: the apps that promised to kill phishing have now become its main target.