Discussion
We are aware of recent reports regarding targeted phishing attacks that have resulted in account takeovers of some Signal users, including government officials and journalists. We take this very seriously.
To be clear: Signal’s encryption and infrastructure have not been compromised and remain robust. These attacks were executed via sophisticated phishing campaigns, designed to trick users into sharing information – SMS codes and/or Signal PIN – to gain access to users’ accounts.
@signalapp those attacks.would've not.been successful if you weren't a #proprietary, #centralized, #SingleVendor / #SingleProvider "solution" that doesn't do #SelfCustoy of all the.keys nor allows for #SelfHosting nor demands #PII like #PhoneNumbers that can be leveraged for that.
Can't #phish if one doesn't have credentials for #phishing attacks ffs!
Also which #Government is that incompetent to not be able to setup their own comms?
These attacks, like all phishing, rely on social engineering. Attackers impersonate trusted contacts or services (such as the non-existent “Signal Support Bot”) to trick victims into handing over their login credentials or other information. To help prevent this, remember that your Signal SMS verification code is only ever needed when you are first signing up for the Signal app.
To protect people from such phishing, Signal actively warns users against sharing their SMS code and PIN.
We also want to emphasize that Signal Support will *never* initiate contact via in-app messages, SMS, or social media to ask for your verification code or PIN. If anyone asks for any Signal related code, it is a scam. We make this clear when users receive their SMS code during initial signup.
@signalapp THERE IS NO LEGITIMATE REASON FOR #Signal TO DEMAND A #PhoneNumber (= #PII by circumstances if not mandatory doxxing to the governments aka. " #KYC")…
cock.li of all places…While we build robust technical safeguards, user vigilance is ultimately the best defense against phishing. We will continue to work on mitigating these risks via interface design and signposting throughout the app. In the meantime, please stay alert, and never share your SMS verification code or Signal PIN with anyone.
@signalapp recipients who are not native English speakers may not notice the giveaways in this and similar scams.
This is a forward thinking server running the Bonfire social media platform.
LGBTQA+ and BPOC friendly.
