- Official Post
The encrypted messaging platform Signal is preparing new security measures aimed at reducing phishing scams targeting its users. The move follows a series of social-engineering attacks against politicians, journalists, and military personnel in Germany.
According to Signal president Meredith Whittaker, the app will soon display stronger warnings whenever users receive messages from unknown phone numbers for the first time. Accepting new contacts will also require additional confirmation steps instead of a simple one-click action.
The recent attacks reportedly targeted several high-ranking German officials, including Bundestag president Julia Klöckner and cabinet ministers Verena Hubertz and Karin Prien. German security agencies suspect that actors connected to Russia may be involved in the campaign.
Signal emphasized that its encryption systems were never compromised. Instead, attackers relied on manipulation tactics — commonly known as social engineering — to convince victims to reveal credentials or link accounts to attacker-controlled devices.
One common trick involved fake accounts pretending to be “Signal Support.” Victims were pressured into sharing verification codes or PINs, allowing attackers to hijack accounts or silently monitor conversations through linked devices.
Whittaker also defended Signal’s privacy-focused design. She explained that preventing impersonation completely would require the company to actively scan user messages and profile data before encryption — something Signal refuses to do because it conflicts with the platform’s privacy principles.
The company says additional security improvements are currently being evaluated and more details will be announced soon. Signal also reminded users that the service will never contact people directly in private chats to request PINs, verification codes, or encryption keys.