Fake Support Calls on Signal
How scammers impersonate tech support, bank security teams, and platform representatives on Signal to extract remote access or personal data from privacy-conscious users.
Part of: Fake Tech Support Calls
Last reviewed: 1 June 2026
Signal's reputation for security and privacy creates a paradoxical vulnerability: users who have specifically chosen the platform for sensitive communications may be more likely to trust a message claiming to come from a security or support team on that same channel. The reasoning — that a genuine security specialist would contact them on a secure platform — is the hook the scammer intends to set.
Fake support approaches on Signal often target people who have recently been discussing sensitive financial or security topics, suggesting targeting based on data from other compromised channels rather than Signal itself.
How this scam works on Signal
A message on Signal claims to be from the platform's own security team, a bank's fraud department, or a technology provider, warning of suspicious activity on the recipient's account. The contact requests confirmation of identity details to 'verify ownership' or urges the victim to install a support tool to 'secure their device'.
In bank-impersonation variants, the caller provides partial account details to establish credibility — these may be sourced from a prior data breach rather than genuine inside knowledge. The victim is then directed to approve a transaction or share a one-time passcode that authorises a fraudulent transfer.
Because Signal messages are end-to-end encrypted, the victim may reason that the communication is genuinely private and therefore safe to respond to — overlooking the fact that encryption does not authenticate the identity of the sender.
Common red flags
- Signal message claiming to be from a technology company's or bank's security team
- Provision of partial personal details used to simulate inside knowledge of the victim's account
- Request to share a one-time passcode, two-factor authentication code, or login credentials
- Instruction to install a remote-access or screen-sharing application
- Urgency: account will be suspended or funds lost if action is not taken within minutes
- Caller who discourages the victim from verifying through the official channel, claiming that will trigger a hold
How to protect yourself
- Understand that Signal's encryption is between you and the sender — it does not verify who the sender is
- Verify any claimed security or support contact by calling the organisation's official publicly listed number independently
- Never share one-time codes, recovery phrases, or login credentials in response to an inbound contact
- Refuse to install any software at the direction of an unsolicited contact, regardless of the claimed justification
- If in doubt, hang up or stop responding and initiate contact yourself through the official channel
How to report it
- Report the Signal number to Signal's support team via the in-app report function or their support website
- Notify the organisation being impersonated through their official fraud team so they can issue alerts
- Report to your national consumer protection or financial regulator if money or account access was compromised
Frequently asked questions
Would Signal, a bank, or a tech company ever contact me on Signal unsolicited?
Signal, financial institutions, and technology companies do not initiate unsolicited security contacts via messaging apps. Any such contact should be treated as fraudulent until independently verified through the organisation's official published contact channels.