**Signal** is enhancing its security measures with new in-app confirmations and warning messages designed to thwart phishing and social engineering attempts. The goal is to provide users with opportunities to evaluate the safety of incoming requests, particularly those that could lead to fraud. ### Rise in Targeted Attacks Recent reports from the **FBI**, the Dutch government, and German authorities have highlighted a surge in attacks targeting high-profile **Signal** users. These attacks often involve bogus 'Signal Support' alerts. These incidents have been attributed to Russian state-sponsored hackers who exploit the Linked Device feature to compromise accounts, access chats, and steal contact lists. The attackers typically trick victims into scanning QR codes or sharing one-time codes under the guise of account verification, enabling them to link their own devices to the target's account. ### New Security Features According to **Signal**, the new protections include: * A 'Name not verified' indicator under contacts communicating via direct messages, coupled with a 'No groups in common' notification to highlight a lack of association. * Prompts asking users to confirm new requests, reminding them that **Signal** will never ask for their registration code, PIN, or recovery key. * Enhanced safety tips with new entries and detailed information. * Reminders to ignore chats claiming to be from **Signal** Support.  *Signal's new phishing and social engineering protections. Source: Signal* ### The Human Element Social engineering remains a highly effective attack vector, bypassing many traditional security measures. Users are urged to be vigilant and suspicious of messages from unknown contacts, particularly those requesting QR code scans or verification code sharing. **Signal** users should also regularly review their linked devices in the app settings and remove any unrecognized devices to maintain account security. [article image](https://www.bleepstatic.com/c/p/autonomous-validation2.jpg) ## [99% of What Mythos Found Is Still Unpatched.](https://hubs.li/Q04crVgD0) AI chained four zero-days into one exploit that bypassed both renderer and OS sandboxes. A wave of new exploits is coming. At the Autonomous Validation Summit (May 12 & 14), see how autonomous, context-rich validation finds what's exploitable, proves controls hold, and closes the remediation loop. [Claim Your Spot](https://hubs.li/Q04crVgD0)