Why Signal Is Rolling Out New Phishing Protections
Signal is tightening its messaging app security with new in-app prompts aimed squarely at phishing and social engineering attacks. The encrypted messaging service has recently been targeted by scammers, including campaigns against high‑profile users such as government officials and journalists. Instead of hacking Signal’s infrastructure, attackers try to trick people into handing over credentials or verification codes. To counter this, Signal has launched a wave of account security warnings and educational messages inside the app. These changes are specifically focused on scammers who impersonate “Signal Support” or the app itself, hoping users will trust the brand name and cooperate. By surfacing clear alerts at the moment you receive risky or unsolicited messages, Signal wants to make it much easier to pause, evaluate, and reject suspicious contact before any damage is done.
New ‘Accept Request’ Prompts and Name-Not-Verified Notices
One of the most visible changes is a new confirmation step whenever you receive a message request from someone you haven’t chatted with before. Instead of dropping straight into your inbox, Signal now shows an “Accept Request” pop‑up reminding you to only accept messages from people you trust. You can either accept or cancel the conversation, reducing the chances of engaging with a scammer by accident. Signal also now labels profiles with a “name not verified” notice. Unlike phone numbers, profile names are self‑selected and cannot be verified, so anyone can pretend to be “Signal Support” or another trusted contact. This label reinforces that a familiar‑sounding display name is not proof of identity, and it encourages you to double‑check who you are talking to before sharing sensitive information or acting on unexpected requests.
Clear Warnings About Fake ‘Signal’ Chats and Requests for Codes
To combat social engineering attacks more directly, Signal now shows prominent guidance inside the interface explaining what the app will never do. One warning explicitly reminds you that Signal will not message you in a conversation asking for your registration code, PIN, or recovery key. If any chat claims to be from Signal and requests those details, you can treat it as a scam immediately. You may also see the message “Don’t respond to chats from Signal,” which explains that bad actors set up fake names to try to take over accounts. By repeating these account security warnings at key points, Signal helps you quickly distinguish between legitimate app behavior and fraudulent attempts to steal access. If a conversation feels off, the safest move is to stop responding and use trusted channels to verify what is being asked.
How Signal Highlights Suspicious Messages and Links
Beyond explicit impersonation attempts, many phishing messages rely on vague or curiosity‑driven prompts to get you talking. Signal’s new safety guidance calls out these patterns directly. The app educates users to be wary of unsolicited web links, generic messages designed to lure a reply, and chats that suddenly push financial “tips” or offers. These are common hallmarks of social engineering attacks intended to move you off‑guard and onto a malicious website or payment scheme. Additional educational pop‑ups also remind you to review who you’re talking to and to treat every new contact with caution. Signal still displays warnings when it cannot confirm you’re speaking to the correct person, reinforcing that identity is more than just a display name and avatar. Together, these visual prompts and explanations aim to make phishing red flags more obvious, even to non‑technical users.
Staying Safe While Signal Continues to Upgrade Security
These new Signal phishing protection features are part of a broader push to harden the platform against account hijackings. By combining extra confirmations, clearer identity notices, and in‑app education, Signal is trying to make it much harder for scammers to exploit user trust in the app’s brand. The company has indicated that more changes are coming, so users can expect message security to keep evolving over time. In the meantime, you can significantly reduce your risk by following a few simple rules: never share registration codes, PINs, or recovery keys; be skeptical of any chat claiming to be from Signal; and carefully review unexpected message requests before accepting them. Treat every suspicious prompt as a potential social engineering attempt. With these habits—and Signal’s new account security warnings—your private conversations are better protected against phishing and impersonation scams.