Russian Hackers Are Phishing for Your Signal Backup Keys, FBI Warns

What's Happening Right Now

The FBI and CISA have issued a public warning about a sophisticated phishing campaign targeting Signal users. Russian intelligence operatives are sending fake messages designed to trick people into sharing their Signal backup recovery keys. Once they have your key, attackers can hijack your encrypted account and read all your messages.

The Details: How This Attack Works

Most Signal users think their backup recovery key is just a safety net in case they lose their phone. You're right to think that, but that's exactly what makes this phishing attack so dangerous. The backup key is actually a master password that unlocks all your encrypted messages and contacts.

Here's how the scam works: You receive what looks like an official message from Signal or a trusted contact. The message claims there's a security problem, an account verification needed, or that your backup is at risk. It asks you to confirm or enter your backup recovery key to fix the issue. The moment you share that key, attackers gain complete access to your Signal account.

The attackers are not random scammers. Russian intelligence services are running this operation with specific targets in mind. They're creating convincing fake websites and messages that look almost identical to legitimate Signal communications.

Who Is Affected

This threat primarily targets professionals who handle sensitive information: journalists, activists, lawyers, government employees, and business executives. If you use Signal for work communications or discussions that need privacy, you're at higher risk.

However, anyone using Signal should pay attention. Attackers often cast a wide net, hoping to catch a few valuable targets among many attempts. If you've ever set up Signal backups on your phone, you have a recovery key that could be targeted.

What You Should Do Right Now

1. Never share your Signal backup recovery key with anyone, ever. Signal will never ask you for this key through a message, email, or phone call. Treat it like your bank PIN.

The Bigger Picture

This attack highlights a critical shift in how sophisticated attackers operate. They're not just hacking systems anymore. They're hacking trust and exploiting our own security tools against us. As more people adopt encrypted messaging for privacy, attackers are finding creative ways to bypass that encryption without breaking the technology itself.

How GetCyberRight Can Help

Our GCR Scam Guard tool helps families recognize phishing attempts before they become problems. It trains you to spot the warning signs when someone is trying to trick you into sharing recovery keys, passwords, or other credentials. Think of it as practice for real-world threats, so when a sophisticated attack like this one arrives in your inbox, you'll recognize it immediately and delete it without hesitation.