Phishing on Signal
Phishing attacks on Signal distribute malicious links through group messages and individual chats, targeting cryptocurrency wallet credentials and account logins with links that appear to be from trusted contacts or official services.
Part of: Phishing
Last reviewed: 1 June 2026
Signal's end-to-end encryption means message content is private, but it also means link-preview and malware detection tools that operate on some messaging platforms cannot scrutinise content before it reaches the recipient. This makes Signal a channel where malicious links are delivered with relatively little platform-level interference.
Phishing on Signal typically exploits trust — either by compromising an existing Signal contact's device and sending links from their number, or by joining groups and posting links that appear to be legitimate resources.
How this scam works on Signal
Malicious links are shared in Signal groups promoting crypto, finance, or investment topics, framed as articles, tools, or airdrop opportunities. The linked pages harvest wallet keys, exchange credentials, or payment details.
A second vector involves compromised Signal contacts: if a phone is compromised through malware, the attacker can send phishing links to all Signal contacts from the legitimate account, bypassing the suspicion that an unknown number would trigger.
Some attacks impersonate Signal itself — sending messages claiming to be from Signal Support requesting account re-verification through a link.
Common red flags
- Link shared in a Signal group that requires logging in or connecting a wallet
- Message from a contact that seems out of character, particularly if it contains only a link
- Signal Support message arriving via chat — Signal communicates through the app, not DMs
- Link that redirects multiple times before landing on a login page
- Crypto airdrop or giveaway link shared in a Signal group
How to protect yourself
- Do not click links from Signal groups or contacts that require login or wallet connection
- If a contact sends an unexpected link, verify through a separate communication channel before clicking
- Enable Signal's Screen Security feature to limit device exposure
- Register Note to Self and use it for any links you want to revisit — this keeps browsing separate from Signal
- Keep your phone OS and Signal app updated to reduce malware exposure vectors
How to report it
- Report the contact or group via Signal's in-app report function
- Forward malicious link details to your national cybersecurity agency
- If credentials were compromised, contact the relevant service immediately to change passwords
Frequently asked questions
Does Signal's encryption protect me from phishing links?
Encryption protects message content in transit — it does not protect you from clicking a malicious link. Phishing is effective regardless of the encryption level of the channel it travels through.