https://twitter.com/signalapp/status/2053957236376961474
Signal has introduced a new security feature that displays warnings to users when they receive messages from unknown contacts, specifically designed to help guard against social engineering and phishing attacks. The warnings appear when someone outside a user’s contact list attempts to make contact, prompting the recipient to consider carefully before engaging or clicking any links. The move comes amid a surge in targeted attacks against high-profile individuals and activists who rely on Signal for secure communications, including a notable campaign where threat actors posed as US government officials to trick targets into revealing sensitive information.
The feature is particularly timely given the growing sophistication of social engineering attacks that exploit the inherent trust users place in encrypted messaging platforms. Cybercriminals and state-sponsored actors have increasingly shifted their tactics toward targeting the human element rather than attempting to break Signal’s encryption, which remains robust. By manipulating users into clicking malicious links or joining compromised group chats, attackers have found ways to undermine the platform’s security without ever needing to crack the underlying cryptography.