-
Signal has launched a verified Official Chat to help users identify real company messages and avoid fake support accounts.
-
The new feature follows months of phishing attacks that targeted politicians, journalists, military staff, and others handling sensitive information.
-
Signal says users should trust only chats with its verified badge because it will never ask for verification codes or account credentials.

Signal has introduced a new security feature to help users avoid phishing scams inside its messaging service. The company has launched a verified Official Chat that gives users one trusted place for important updates, product news, and security alerts.
The new feature comes after several phishing campaigns used fake “Signal Support” accounts to steal access to user accounts. Many of the attacks focused on politicians, journalists, activists, military workers, and other people who regularly handle sensitive information.
Signal says the Official Chat gives users a simple way to know when a message truly comes from the company. Any account claiming to represent Signal without the verified badge should be treated as suspicious. The company explained that the Official Chat is read-only. Users can receive announcements from Signal, but they cannot reply or request customer support through the conversation.
Signal also reminded users that it never contacts people through chat to request verification codes, PINs, recovery keys, or other sensitive account information. According to the company, anyone asking for those details is not part of Signal. The company introduced the feature to remove confusion and give users one trusted communication channel inside the platform.
Authorities Warn of Growing Phishing Campaigns
The rollout follows several warnings from cybersecurity and intelligence agencies in the United States and Germany. Officials said attackers have been using fake Signal support accounts to trick people into giving away access to their accounts.
Earlier this year, the Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA) warned that threat actors linked to Russian intelligence had been targeting Signal users.
According to the agencies, the attackers did not break Signal’s encryption. Instead, they relied on social engineering. They pretended to be trusted support staff and convinced victims to complete actions that handed over control of their own accounts.
German authorities also reported a similar campaign. Public advisories said fake “Signal Support” chats targeted government officials, journalists, activists, and military personnel.
According to Der Spiegel, the campaign reportedly compromised around 300 political accounts. The report highlighted how large the operation had become. Most attacks followed the same pattern. Criminals first contacted victims through fake support accounts. They then asked them to scan harmful QR codes, enter one-time verification codes, or approve requests to link another device.
The requests appeared to improve account security or restore access. In reality, those actions connected the victim’s account to a device controlled by the attacker. Once that happened, the attackers could read private conversations without needing the victim’s password.
Signal Advises Users to Trust Only Verified Messages
Signal says its end-to-end encryption remains secure. However, the company has repeatedly explained that encryption cannot stop people from being tricked through phishing or other social engineering attacks. The company believes the verified Official Chat will reduce that risk. It gives users one trusted place for genuine announcements and security messages.
The need for trusted communication channels is underscored by the emergence of a massive Telegram data breach claim online, though its authenticity remains unverified.
According to Signal, users should always check for the verified badge before trusting any account that claims to represent the company. If the badge is missing, users should assume the account is fake.
Signal also stressed that it does not provide customer support through unexpected chat messages. Any message asking for account credentials or verification information should be treated as fraudulent.
Security Experts Recommend Extra Safety Steps
Security experts continue to encourage users to enable Signal’s Registration Lock feature. This adds another layer of protection and makes it harder for attackers to register a stolen account. Experts also recommend checking linked devices on a regular basis. Users should remove any device they do not recognize immediately.
People should ignore unexpected requests for verification codes, PINs, recovery keys, or device-linking approval. Those requests remain one of the most common tricks used in phishing campaigns. Signal hopes the new Official Chat will make impersonation scams easier to spot. The company wants users to have one verified source for updates instead of relying on messages from unknown accounts.
Phishing attacks continue to evolve as criminals improve their tactics. Many attackers now focus on deceiving people instead of attacking software directly. Signal’s latest security feature is another step toward helping users recognize genuine company messages before they fall victim to increasingly convincing impersonation scams.