Everything You Need to Know About Signal App Scams

Technology is one of the backbones of communication today. It’s brought about new ways of talking to people over text and video that at one time or another, were deemed entirely impossible, bringing us closer in the process However, as technology evolves, it also gives bad actors new ways to facilitate cybercrime operations, like in the case of Signal app scams.

Learn more about the common Signal app scams that are being run on the messaging platform and how you can recognize them through tell-tale signs below!

Subscribe to the DOT Security blog for regular updates on everything cybersecurity so you can stay informed on the latest trends, the biggest headlines, and the newest technologies.

What Is the Signal App?

Signal is a free, open-source messaging app known for its strong emphasis on privacy and security. Developed by the non-profit Signal Foundation and Signal Messenger LLC, the app provides end-to-end encryption for all communications, ensuring that only the intended recipients can read the messages.

This encryption extends to text messages, voice calls, video calls, and multimedia messages, making Signal a preferred choice for users who prioritize confidentiality and data security. The app does not store user data on its servers, further bolstering privacy by preventing any potential breaches or unauthorized access to personal information.

In addition to its robust security features, Signal offers a user-friendly interface and a variety of functionalities. Users can create group chats, share files, send disappearing messages, and verify the identity of their contacts through unique safety numbers.

However, with all of this focus on privacy and secure messaging, Signal has also become a bit of a hotspot for threat actors who aim to remain anonymous throughout interactions.

Common Signal Messenger Scams

Most of the common scams that users run into on the Signal app have tell-tale signs that make them easy to recognize with a little bit of a trained eye. Below we detail how five common Signal app scams work as well as how they can be recognized.

The scams we’re going to cover include:

1. Employment Scams
2. Customer Support Fraud
3. Romance Scams
4. Phony Giveaways
5. Wrong Number or Old Friend Scams

1. Employment Scams

Employment scams on Signal typically involve fraudsters posing as employers or recruiters to exploit those looking for work. The scam often starts with an unsolicited message from the threat actor claiming to represent a well-known company or offering a lucrative job opportunity.

These messages can appear highly professional and convincing, often including details like job descriptions, salary offers, and the company's name and logo. The scammer might even ask the victim to provide personal information, such as their full name, address, and Social Security number, under the guise of a job application process.

Once the scammer has gained the victim's trust, they may request a payment for job-related expenses, such as background checks, training materials, or work equipment. They may also send fake checks, asking the victim to deposit them and then transfer a portion of the funds back to the scammer, claiming it's for business expenses.

However, these checks will eventually bounce, leaving the victim liable for the full amount. The scammer's goal is to steal personal information, money, or both, often leaving the victim with financial loss and compromised personal data. These are also commonly known as check scams.

Signal's encrypted messaging makes it harder for authorities to trace these fraudulent activities, emphasizing the need for users to be vigilant and cautious about unsolicited job offers.

2. Customer Support Fraud

These scams typically begin with an unsolicited message from someone claiming to be from a well-known company's customer service department. The scammer may allege that there is an issue with the user's account or a recent transaction that needs immediate attention. They often create a sense of urgency, pressuring the victim to act quickly to resolve the made-up problem.

The threat actor then prompts the victim to provide sensitive information, such as login credentials, credit card numbers, or other personal details, under the pretense of verifying their identity or fixing the issue. In some cases, the scammer may send a link to a phishing website designed to look like the company's official site, where the victim is asked to enter their information.

Once the scammer obtains this data, they can use it for identity theft, unauthorized transactions, or other malicious activities.

3. Romance Scams

Romance scams on Signal typically involve fraudsters creating fake profiles to establish romantic relationships with their targets. As with the other scams described above, romance scams also typically begin with an unsolicited message often accompanied by a compelling and attractive profile, to engage the victim.

They invest significant time in building trust and emotional connections, sharing fabricated personal stories, photos, and even engaging in intimate conversations. These scammers exploit the emotional vulnerability of their victims, making them believe they are in a genuine and loving relationship.

Once the scammer has gained the victim’s trust, they start to manipulate the situation to extract money or sensitive information. They might fabricate urgent scenarios, such as medical emergencies, travel mishaps, or financial crises, pleading for financial assistance. The victim, driven by their emotional attachment and desire to help, may end up transferring money or sharing financial details.

In some cases, the scammer might also ask for explicit photos or videos, which they later use for blackmail. The anonymity and encryption provided by Signal make it easier for scammers to conduct these fraudulent activities without being easily traced, making it crucial for users to be cautious and verify the identity of their online romantic interests.

The romance scams on Signal are also very similar to what we see in pig butchering schemes.

4. Phony Giveaways

In giveaway scams on Signal threat actors use the guise of well-known brands or influencers, claiming that the recipient has won a prize or a special giveaway. To start, threat-actors announce that the victim has been randomly selected to receive a valuable prize, such as electronics, gift cards, or cash.

The message might include official-looking logos, photos, and other elements to make the giveaway appear legitimate. With this messaging, the scammer creates a sense of excitement and urgency, encouraging the victim to act quickly to claim their prize.

To claim the prize, the victim is usually asked to provide personal information. Sometimes, the scammer might request a small fee for "processing" or "shipping" the prize. Once the victim provides the requested information or payment, the scammer either disappears or continues to exploit the victim for more money or information.

5. Wrong Number Scams

Wrong number or old friend scams on Signal are when the scammer pretends to have mistakenly messaged the victim or claims to be an old acquaintance. The scam typically begins with a message that appears to be sent in error, such as, "Hi, is this John? I found your number in my contacts."

Alternatively, the scammer might pretend to be an old friend who recently changed their number, using friendly and familiar language to establish a connection.

Once the victim engages in conversation, the scammer works to build rapport and gain their trust. They might share personal anecdotes, fabricated memories, or even use information gleaned from social media profiles to make the interaction seem more genuine. As the conversation progresses, the scammer's goal is to either extract personal information or to solicit money.

Wrapping Up on Signal App Scams

Building a culture of cybersecurity requires a 360-degree mindset that accounts for the entirety of your attack surface. In other words, to remain cyber secure in today’s day and age, you need a comprehensive strategy that uses multiple defense measures and adheres to industry best practices.

As such, teaching employees how to recognize common scams being run by threat actors on messaging apps like Signal is vital to protecting your network, your data, and most importantly, your people.

If you’re looking for a way to stay up to date on everything in cybersecurity from the biggest headlines to the newest technologies and latest trends, subscribe to the DOT Security blog!