If you use Signal, there’s something important you should know. The encrypted messaging app has rolled out a set of new in-app safety measures designed to protect you from phishing and social engineering attacks.
This isn’t out of nowhere either. Back in March, Signal confirmed that its platform had been targeted by phishing attacks aimed specifically at government officials and journalists. It seems that these new changes are a direct response to that.
What are the new safety changes in Signal app?
The most notable addition is a “name not verified” notice that now appears on profiles. This is important because Signal cannot actually verify the names users display on their profiles. Anyone can claim to be anyone since the profile name is set by individual users.
Signal has also introduced an extra confirmation step when you receive a message request. The idea is to only accept requests from people you actually know and trust. This is quite similar to how WhatsApp handles chats from unknown numbers, where you get the option to accept or cancel when it comes from an unknown number.
The app now also surfaces more detailed safety guidance directly in the interface. You’ll see reminders not to respond to chats claiming to be from Signal, since Signal will never reach out to ask for your PIN, registration code, or recovery key. If someone is asking for any of those things, it’s a scam.
The app also highlights vague messages – designed to lure a reply, suspicious web links, and any chat pushing financial tips – as red flags to watch for.
Why this matters?
Social engineering is one of the most common ways people get compromised online. It doesn’t require a technical hack. It just requires tricking you into handing over the right information.
Scammers impersonating Signal itself is a particularly sneaky tactic because it exploits the trust people place in the app. Signal has confirmed more changes are on the way, so this is just the beginning of a broader push to make the platform safer for everyone.
