Signal users should take note: the encrypted messaging platform has launched several new built-in protections aimed at defending against phishing and social engineering schemes.
The update follows a March incident in which Signal acknowledged that its service had been hit by phishing campaigns targeting government personnel and members of the media. These latest enhancements appear to be a direct reaction to those events.
What do the new safety features involve?
The standout update is a “name not verified” label now shown on profiles. This matters because Signal has no way to authenticate the names people choose to display—since users set their own profile names, anyone can pretend to be someone else.
The app has also added an additional confirmation prompt for incoming message requests, encouraging users to approve only contacts they genuinely know. This mirrors WhatsApp’s approach to conversations from unrecognized numbers, giving you the choice to accept or decline.
Signal is now also displaying more comprehensive security tips within the app itself. Users will be warned not to engage with messages purporting to come from Signal, as the company will never request your PIN, registration code, or recovery key. Any such request is fraudulent.
It also flags ambiguous messages intended to provoke a response, dubious URLs, and conversations promoting financial advice as warning signs to be wary of.
Why does this matter?
Social engineering remains among the most prevalent methods of online compromise. No sophisticated technical breach is needed—just deception to extract sensitive details from you.
Fraudsters posing as Signal are especially insidious, capitalizing on the trust users have in the service. The company has indicated that further improvements are coming, marking this as the start of a wider effort to bolster safety across the platform.