Signal App Scam UK

Spot the three dominant Signal scam patterns in 2026 — crypto / investment pivots from ‘verified’ Signal contacts, fake Signal security registration phishing, and group-DM airdrop drainers — with Signal’s registration-lock PIN recovery flow.

Last reviewed: 13 May 2026 · ScamSupport research

Why Signal’s privacy reputation makes it scam-attractive

Signal is the most privacy-respecting major messenger: end-to-end encryption by default, minimal metadata, no advertising, no message storage on servers. These properties make it ideal for journalists, activists, security professionals — and, perversely, for scammers, because the same properties limit the platform’s ability to detect scam patterns or assist with recovery.

In the UK, Signal scams skew toward two adversary profiles: (a) sophisticated pig-butchering operations that move conversations from WhatsApp / dating apps to Signal “because it’s more secure” — using the privacy framing to lower the victim’s guard against the eventual investment pitch; and (b) crypto / NFT communities where Signal groups host airdrop announcements, often impersonated by scam operations that DM members with fake claim links.

Signal’s strong encryption is not a vulnerability — it’s the platform’s design. The vulnerability is the social-engineering use of that privacy framing. The three patterns below are the dominant 2026 UK variants.

Three Signal app scam variants currently in circulation

Variant 1 — Crypto / investment pivot from “privacy-conscious” contact

How it presents: Initial contact on a dating app, LinkedIn, Telegram or WhatsApp. After a few messages the contact suggests moving to Signal — framed positively: “I prefer Signal, it’s the only really private messenger”, “my work requires encrypted comms”, “I’m careful about privacy”. The relationship builds; weeks later the contact introduces a “trusted” trading platform / crypto wallet / business opportunity. Funds are requested in cryptocurrency.

Red flags:

  • Insistence on Signal as the “private” channel. Real privacy-conscious people don’t require everyone they chat with to switch apps; they simply use Signal themselves when they want privacy. A new contact insisting that YOU switch is signalling a non-monitored channel preference — not their privacy needs.
  • The pig-butchering playbook unchanged. Building trust over weeks, photos of an aspirational lifestyle, eventual investment pitch. Same script as WhatsApp / Instagram / LinkedIn variants — the channel just changed.
  • Real privacy framing is consistent. A genuinely privacy-conscious person isn’t typically the same person who shares wealth-signal photos and invests in retail crypto platforms. The framings contradict each other.
  • Run any investment offer through our Investment Pitch Analyser. The 8-pattern check is channel-agnostic — works for Signal-introduced offers as much as any other.
  • Reverse-image-search profile photos. Google Images / TinEye on any photo received. Stock-photo hits or hits on unrelated profiles signal photo theft.
  • Voice or video calls fall through. Same as other pig-butchering channels — calls are short, laggy, or never happen.

Variant 2 — Fake Signal security update / registration verification

How it presents: An SMS, email, or in-platform DM claiming to be from “Signal Security”, “Signal Support”, or “Signal Verification Team” asks the user to verify their account or update registration to avoid losing access. The message includes a link to a fake Signal page that captures phone number + verification code, allowing the scammer to register a new Signal account on the victim’s number.

Red flags:

  • Signal does not send security or verification messages via SMS, email, or in-app DM from users. Real Signal verifications happen via the SMS code mechanism during registration — nothing else.
  • The lookalike domain. Real Signal domains: signal.org, signalfoundation.org. Variants like signal-verify[dot]com, signal-account[dot]net, signalsupport[dot]io are typosquats.
  • Asking for the SMS verification code you received on your phone. Signal sends a 6-digit code to verify ownership of your phone number. If anyone else asks for this code, they’re trying to register YOUR phone number on THEIR Signal app.
  • If you set up Signal’s Registration Lock PIN (Settings > Account > Registration Lock), the scammer cannot re-register your number without your PIN even if they have the SMS code. This is Signal’s built-in defence and should be enabled on every account.
  • If your Signal account is taken over: the scammer immediately accesses your contact list and messages them with the same scam template. Your account becomes a vector for further compromise of your friends and family.

Variant 3 — Group DM crypto airdrop / drainer link

How it presents: The user is added to a Signal group (often without permission) named after a real crypto / NFT project or DAO. Group messages announce an “airdrop snapshot in 24 hours” or “exclusive whitelist for early supporters”. The link routes to a wallet-connection page that drains the connected wallet on signature.

Red flags:

  • Being added to a Signal group without permission. Real crypto / NFT projects use Discord / Telegram for community comms, not unsolicited Signal group additions.
  • Project staff don’t DM about airdrops first. Same rule as Discord and Telegram — legitimate projects explicitly say “we will never DM you first”. The DM itself is the scam signal.
  • The wallet-connection page asks you to sign a transaction. Drainer contracts request approval to spend all tokens / NFTs. The signature is the wallet drain.
  • Urgency “snapshot in 24 hours”. Real snapshots are announced days in advance via official project channels and the project’s own website.
  • Leave the group, block the inviter, mute notifications. Settings > Privacy > Who can add me to groups → set to “Contacts I’ve approved” or “Only contacts”.
  • Use wallet transaction-preview tools. Wallet Guard, ScamSniffer, Pocket Universe display the contract being signed in plain English — catching drain approvals before signature.

Signal-specific protections to enable today

  1. Set up the Registration Lock PIN. Settings > Account > Registration Lock → Enable. Choose a PIN you can remember but isn’t guessable. This is the single most important Signal-account protection: it prevents anyone from re-registering your phone number on Signal without your PIN, even if they intercept your SMS code.
  2. Configure group-add permissions. Settings > Privacy > Groups > “Who can add me to groups” → set to “Contacts I’ve approved” or “Only contacts”. Prevents being added to scam-airdrop groups unsolicited.
  3. Verify safety numbers for sensitive contacts. Inside a chat, tap the contact name > View Safety Number > verify it matches what they see on their device. Genuine Signal’s encryption guarantees only hold if you’ve verified you’re talking to the actual person.
  4. Set disappearing messages for sensitive conversations. Useful for limiting persistence of any information shared. Settings inside a chat > Disappearing Messages.
  5. Don’t share your phone number publicly. Signal uses phone number as the primary identifier. If your number is in public breach databases (check haveibeenpwned.com), scammers can target you via Signal. Consider using a username when Signal’s username feature is fully rolled out.

The verification rules that defeat Signal scams

  1. “Privacy framing” is not a security guarantee. Signal’s encryption protects the channel; it doesn’t verify the person on the other end. Apply the same scrutiny to a Signal contact as to any other messenger contact.
  2. Run investment offers through our Investment Pitch Analyser. Channel-agnostic — works for Signal-introduced offers as much as WhatsApp / LinkedIn / dating-app variants.
  3. Reverse-image-search profile photos. Signal pig-butchering profiles typically use stolen photos. Verify before engaging.
  4. Never share your Signal verification code. The code is for YOU to register on YOUR device. Anyone else asking for it is trying to take over your number on Signal.
  5. Disable group-add permissions for non-contacts. Eliminates the airdrop-drainer DM vector.
  6. For crypto wallets: use transaction-preview tools and revoke unused token approvals at revoke.cash periodically.

If your Signal account has been taken over

  1. If you have Registration Lock enabled: the takeover cannot complete. The scammer will see “Registration Lock PIN required” and be unable to proceed. Re-register on your own device when convenient.
  2. If you don’t have Registration Lock: re-register Signal on your device. Settings > Account > Delete account, then re-register with your phone number. The takeover is invalidated when you re-register.
  3. Set up Registration Lock immediately after re-registering to prevent recurrence.
  4. Warn your contacts. The scammer who briefly had access to your Signal account likely DM’d your contacts with airdrop or investment pitches. Tell them on another channel that anything from your Signal account in the past 24-48 hours was not from you.
  5. If money / assets were lost during the compromise: use the PSR Claim Wizard for UK bank transfers. Crypto recovery is very limited.
  6. Report to Report Fraud at reportfraud.police.uk.

Related scam guides

Use the Scam Message Scanner →