Are you getting irritating spam messages on Signal? This is normal!

Are you getting irritating spam messages on Signal? This is normal, and that does not make it a less secure app than advertised.

At the end of 2020, the planned change in WhatsApp’s terms of service led to a mass migration of users to its competitor Signal. Many people discovered the messaging application, touted as a model of privacy.

But a few months later, these new users are already getting angry. They receive phishing and spam messages on the so-called “secure” app: a fake Amazon promises them an iPhone 12, they are told they’ve won bitcoin, or they receive sexual spam.

Image: an example of a phishing link currently being sent to Signal users. Source: @Sebweb33 on Twitter

Would Signal lie to its users? Well, no, not at all. It is simply that the “security” it offers is poorly understood. Could it do more to fight against this spam? Maybe, but the problem with spoofed messages goes way beyond the app itself.

The very principle of Signal makes spam detection difficult

Signal protects the confidentiality of your exchanges, with an open source encryption algorithm – that is, verifiable by anyone. It is this property alone that gives it the adjective “secure”.

Concretely, Signal applies a layer of encryption to the messages you send. More exactly, your app encrypts them, using an almost unique key. Only the recipient of the message has a duplicate of this key, and only their smartphone can decrypt the message you sent and read its content. If someone – a cybercriminal, a police officer, or a Signal employee, for example – intercepts the message between the two devices, they will not be able to read the content. This is why Signal counts among its historical users activists who fear repression from different governments, journalists who must guarantee the anonymity of their sources, and criminals who want to escape police surveillance.

Problem: This guarantee of confidentiality of messages hampers the deployment of spam filters. Since Signal cannot read the content of messages you receive, the app cannot, for example, block all those that contain a link identified as dangerous.

In other words, Signal ensures that no one other than you can read the message you have just received. On the other hand, the app does not guarantee that the content itself is trustworthy: the message can relay fake news, or it can contain a link to malware or even threats. Signal will not protect you from this, and does not claim to do so at any time.

Why am I receiving phishing messages on Signal?

Another misconception: receiving a phishing message from an unknown number on Signal does not mean that the organization has experienced any security issue.

To send you a message on Signal, all anyone needs is your phone number. And getting it is a pretty straightforward task: an unscrupulous company you entrusted it to might have sold it; it could be included in one of the many data breaches detected each week; or you may have posted it publicly on one of your social networks. For example, the stolen Facebook database contains as many as 500 million phone numbers that thugs can easily pepper with fraudulent messages.

One question remains: why do criminals send you these messages on Signal rather than by SMS? There are several possible explanations:

Signal allows you to display a user name and profile picture of your choice. This will create a more credible sender profile, and increase the chances of phishing success.
Since Signal's "security" is poorly understood, some users will think that the content of the message is harmless because otherwise Signal would have blocked it.
SMS spam campaigns have a certain cost per message, although it is low. Sending a message campaign on Signal would be inexpensive.
The popularity of the app over the past few months has made it more attractive to cybercriminals.

What is Signal doing against spam messages and what could it do better?

You may not have noticed it, but spam messages you receive do not appear the same way as messages from people saved in your contacts. And for good reason: Signal treats them as contact requests and offers you three options: accept the message, delete it or block the sender. Until you choose one of these options, the links in the message are disabled, meaning you won’t be able to click on them.

This is good protection: the overwhelming majority of malicious messages require a user click to spring their trap. While this feature doesn’t prevent users from receiving an unnecessary notification, it does get people thinking about the risk they are taking when viewing a message from an unknown sender.
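The two mechanisms described above, as an added illustration (not from the original article and not Signal's code): a relay that only sees ciphertext cannot match a blocklisted link, so the check has to happen on the recipient's phone, where an unknown sender's links stay disabled. The cipher is a toy stand-in for the Signal Protocol, and the key, domain, phone numbers and function names are all constructed for the example.

```python
import hashlib
import hmac
import os
import re

KEY = hashlib.sha256(b"constructed demo key").digest()   # known to the two phones only
BLOCKLIST = [b"win-iphone12.example"]                     # constructed bad domain
SPAM = b"You won an iPhone 12! http://win-iphone12.example/claim"  # constructed
URL_RE = re.compile(r"https?://\S+")

def _keystream(key, nonce, n):
    # Toy keystream: HMAC-SHA256 in counter mode. NOT the Signal Protocol.
    out, ctr = b"", 0
    while len(out) < n:
        out += hmac.new(key, nonce + ctr.to_bytes(4, "big"), hashlib.sha256).digest()
        ctr += 1
    return out[:n]

def encrypt(key, plaintext, nonce=None):
    nonce = nonce or os.urandom(16)
    stream = _keystream(key, nonce, len(plaintext))
    return nonce + bytes(p ^ s for p, s in zip(plaintext, stream))

def decrypt(key, blob):
    nonce, body = blob[:16], blob[16:]
    return bytes(c ^ s for c, s in zip(body, _keystream(key, nonce, len(body))))

def server_filter(visible_bytes):
    """All a relay without the key can do: search the bytes it sees."""
    return any(bad in visible_bytes for bad in BLOCKLIST)

def client_render(key, blob, sender, contacts):
    """Recipient's phone: decrypt, then treat unknown senders as requests."""
    text = decrypt(key, blob).decode()
    if sender in contacts:
        return {"request": False, "links_active": True, "text": text}
    # Unknown sender: show the text but neutralise every link until accepted.
    defang = lambda m: m.group(0).replace("://", "[:]//").replace(".", "[.]")
    return {"request": True, "links_active": False, "text": URL_RE.sub(defang, text)}

if __name__ == "__main__":
    blob = encrypt(KEY, SPAM)
    print("filter on plaintext :", server_filter(SPAM))
    print("filter on ciphertext:", server_filter(blob))
    print(client_render(KEY, blob, "+10000000001", {"+10000000002"}))
```

The same blocklist that catches the plaintext finds nothing in the encrypted blob, which is why the protection sits in the client's handling of unknown senders rather than on the server.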

Your number is compromised, not Signal

Don’t hesitate to block suspicious messages: companies impersonated by thugs don’t communicate through third-party messaging apps like Signal. And if someone really needs to contact you, they can make a call or text you, since they have your phone number.

As How-To Geek notes, some users are asking Signal to create a feature that automatically blocks messages sent by strangers whose number is not saved on the smartphone. Others are asking for a feature to report malicious numbers, like the one that exists on WhatsApp, for example. But at this time, Signal has not commented on these requests.

If you are really annoyed by the phishing received on Signal, you can still remove the application. But since receiving spam is first and foremost a sign that your phone number is compromised, this action will not solve all of your problems.

Header photo credit: CC0 / Wikimedia
