Cyber: Update: Signal adds security warnings for social engineering, phishing attacks

Signal has introduced new in-app confirmations and warning messages as additional safeguards against phishing and social engineering attempts that could lead to various forms of fraud. The purpose is to introduce enough friction that users get time to evaluate the safety of an external request.

Recently, there have been attacks targeting high-profile users with bogus ‘Signal Support’ alerts, as highlighted by the FBI, the Dutch government, and the German authorities. All incidents were attributed to Russian state-sponsored hackers, who abused the Linked Device feature to gain access to the target’s account, chats, and contact lists.

The attack works by convincing the victim to scan a QR code or share one-time codes, supposedly as part of a verification process to protect their account from suspicious activity. This allows the threat actors to link their own device to the target account and obtain access to all the data.

“To help protect Signal users from phishing and social engineering attacks, we’ve introduced additional confirmations and educational messaging in the app to help people better detect fraudulent profiles, especially message requests from scammers posing as Signal,” the vendor explained.

Social engineering remains one of the most effective forms of cyberattack, providing a complete bypass of existing security measures. Users should stay on high alert for suspicious messages from unknown contacts, especially requests to scan QR codes or share verification codes.

Source: BleepingComputer