The FBI and CISA are urging Signal users to be wary of unsolicited messages claiming to be from the platform's support team.

In a joint advisory, law enforcers warn that Russian-linked hacktivists are targeting Signal users in an ongoing phishing campaign to hijack accounts.

The alert, issued by the FBI’s Internet Crime Complaint Center, describes attackers impersonating Signal’s support or security teams to trick users into handing over account access.

Victims receive messages that appear urgent and legitimate, warning of “suspicious activity” or login attempts from an unknown device.

In some cases, users are told that their accounts could be suspended unless they complete a “verification step.”

The phishing messages attempt to create a sense of urgency, prompting targets to share one-time passcodes, click on malicious links, or scan QR codes. Some messages explicitly instruct users to reply with authentication codes sent to their phones.

If successful, attackers can register their own device to the compromised Signal account or take full control of it. This enables them to read private conversations, access contacts, and take the scam further using a trusted identity.

The campaign is primarily targeting individuals of interest to Russian intelligence, including journalists, activists, dissidents, and others handling sensitive information.

The advisory stresses that the campaign does not exploit a flaw in Signal’s encryption but relies on social engineering techniques to bypass protections by manipulating users directly.

Signal does not request verification codes or sensitive information via chat, and as such, the FBI advises that requests should be treated as a warning.

---

Unlock more exclusive Cybernews content on YouTube.