Here's How to Protect Yourself From This Sophisticated Signal Scam
Hackers are masquerading as Signal Support to access secure chat backups.
Fransebas
Emily Long Freelance Writer
Experience
Emily Long is a freelance writer based in Salt Lake City.
After graduating from Duke University, she spent several years reporting on the federal workforce for Government Executive, a publication of Atlantic Media Company, in Washington, D.C. She has nearly a decade of experience as a freelancer covering tech (including issues related to security, privacy, and streaming) as well as personal finance and travel.
In addition to Lifehacker, her work has been featured on Wirecutter, Tom’s Guide, and ZDNET. Emily has also worked as a travel guide around the U.S. and as a content editor. She has a masters in social work and is a licensed therapist in Utah.
June 1, 2026
Add as a preferred source on Google
Credit: Jaap Arriens/NurPhoto via Getty Images/Shutterstock
Key Takeaways
Hackers are running with a new Signal scam targeting users' secure chat backups. Attackers will masquerade as "Signal Support," asking users to share their recovery key, or else risk losing access to their data. Sharing the recovery key allows attackers to unlock your encrypted chat backups, which means it's imperative you do not do so. You can protect your account by ignoring messages from strange users, and by enabling Registration Lock.Table of Contents
Signal is one of the most secure encrypted communication platforms available, but that doesn't mean it's impenetrable against bad actors. Earlier this year, for example, the FBI was able to recover deleted Signal messages from a defendant's iPhone thanks to a vulnerability in how notifications are stored. (Apple has since patched this flaw.) Now, the app is a target for hackers, who are impersonating Signal's support team in a sophisticated phishing scam aimed at gaining access to secure chat backups. Here's what you need to know to protect your Signal account.
How the latest Signal scam works
As TechCrunch reports, threat actors are using an account titled "Signal Support" to send phishing messages to prospective targets requesting the recipient's recovery key. The message warns that backup messages and media are "at risk of permanent loss due to a sync issue," and unless the user provides their recovery key to the "support" team, they may lose access to their account and its data. Of course, this is all a lie: With your recovery key, attackers can unlock your encrypted chat backups, which is their explicit goal here.
This phishing campaign may largely target activists and other high-risk Signal users like journalists. However, some experts have suggested that the tactic may be used more widely and by multiple threat actors, who are exploiting users' trust in the app's reputation for privacy and security. The platform also recently warned users about similar support impersonation scams aimed at account takeover. Signal will never ask you for your account details, like your PIN or recovery key, and any such requests from so-called support are a scam.
What do you think so far?
Protect your Signal account now
If you receive a message from Signal Support or any official-looking user requesting credentials or keys, do not provide this information. These are hackers impersonating Signal, not trusted accounts. No legitimate company or platform will contact you out of the blue asking for your login or other sensitive data. You should also enable Registration Lock, Signal's security feature that protects your account from being hijacked. Registration Lock prevents someone else from setting up Signal on a new device (without an additional PIN) and then locking you out. Go to Settings > Account and toggle Registration Lock on to ensure you won't be attacked like this.
The Download Newsletter Never miss a tech story
Jake Peterson
Get the latest tech news, reviews, and advice from Jake and the team.
The Download NewsletterNever miss a tech story. Get the latest tech news, reviews, and advice from Jake and the team.
