Users of the Telegram instant messaging application are having their accounts hijacked. It all starts with a message from a known contact that includes a link to a web page where you can win a prize or enter a contest.
Telegram is considered one of the most secure instant messaging systems. However, cybercriminals have targeted this application to steal its users’ accounts. The victim receives a message about a gift, a contest, or Telegram Premium, to name just a few examples. According to alerts from Kaspersky, the message is accompanied by a link that will take the victim to a fraudulent site.
Once the user has fallen for the trap and clicked on the link, they are informed that, to receive the prize, they must authenticate through Telegram by entering their phone number and a verification code or by scanning a QR code.
There are no giveaways or contests. In reality, the message was not written by one of the victim’s contacts but by a cybercriminal who previously hijacked that person’s account, and did so in the same way.
The links are created with URL shorteners, a method commonly used by attackers to hide the actual address of a site. Shortened links are also harder for anti-phishing systems to detect.
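The check below is an added example, not code from Kaspersky or Telegram: it expands a shortened link hop by hop and flags lure messages whose final host is not a Telegram domain. The host lists, keyword pattern, `lookup` callback and `.example` sample data are assumptions made for illustration.

```python
import re
from urllib.parse import urlsplit

# Assumptions, not from the article: both host lists are illustrative and incomplete.
SHORTENERS = {"bit.ly", "tinyurl.com", "t.co", "is.gd", "short.example"}  # last one is constructed
OFFICIAL = {"telegram.org", "t.me"}
LURE = re.compile(r"telegram|premium|prize|gift|contest", re.I)
URL = re.compile(r"https?://[^\s<>\"']+", re.I)

def host_of(url):
    return (urlsplit(url).hostname or "").lower().rstrip(".")

def is_official(host):
    # Exact match or true subdomain, so telegram.org.evil.example does not pass.
    return any(host == d or host.endswith("." + d) for d in OFFICIAL)

def expand(url, lookup, max_hops=5):
    """Follow redirects one hop at a time. lookup(url) returns the redirect
    target or None; a real one would read only the Location header."""
    chain = [url]
    while len(chain) <= max_hops:
        nxt = lookup(chain[-1])
        if not nxt or nxt in chain:  # end of chain or redirect loop
            break
        chain.append(nxt)
    return chain

def triage(message, lookup):
    """Return one finding per link found in a chat message."""
    findings = []
    for raw in URL.findall(message):
        url = raw.rstrip(".,;:!?)")
        final = host_of(expand(url, lookup)[-1])
        reasons = []
        if host_of(url) in SHORTENERS:
            reasons.append("shortener hides the destination")
        if LURE.search(message) and not is_official(final):
            reasons.append("lure text leads to a non-Telegram host")
        findings.append({"url": url, "final_host": final, "reasons": reasons})
    return findings

# Constructed sample data (.example hosts are reserved and never resolve).
SAMPLE_REDIRECTS = {"https://short.example/abc123": "https://telegram-premium.example/login"}
SAMPLE_MESSAGE = "Hi! Get your free Telegram Premium gift here: https://short.example/abc123"

if __name__ == "__main__":
    for finding in triage(SAMPLE_MESSAGE, SAMPLE_REDIRECTS.get):
        print(finding)
```

Comparing the final host by exact match or subdomain, rather than by substring, is what keeps lookalike names containing "telegram" from passing as official.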
Most of the time, the websites the victim is redirected to are very basic. The first page shows a message such as ‘Free access to the trial version of Telegram Premium.’ The login is then displayed.
At this point, there are two possibilities: if the site has been opened from a computer, the login is requested through a QR code, while if it has been opened from a mobile phone, the site asks for the country of origin and the phone number.
If the phone number is provided, cybercriminals will use it to log in from another device. The application’s security system requires user confirmation through a verification code sent to the mobile or computer where Telegram is authorized.
With two-factor authentication turned off, the code and phone number are all attackers need to log into the account. If the code is entered on the fraudulent website, the attackers will control the account and may even link it to other devices.
Everything is even easier for the attackers if the chosen method is the QR code: a verification code is not even required. The catch is that it is not a QR code for logging in from the victim’s phone but a code for connecting an additional device or opening a web session with the account. Once the victim scans that code, the attackers are automatically logged in and take control of the account.
To protect yourself from these types of scams, experts recommend the following:
- Do not follow suspicious links or enter a Telegram verification code anywhere other than the app itself.
- Enable 2FA: This won’t interfere with your daily communication, but it will protect you against login attempts from other devices by requiring an additional password, adding another layer of protection. To enable 2FA in Telegram on your phone, go to Settings → Privacy and security and tap Two-Step Verification. After that, all that remains is to set a password, create an optional hint in case you forget it, set up a recovery email, and enter the confirmation code that you will receive in your mailbox.
If you’ve already become a scam victim by entering a code on a fake site, act fast to regain control of your account. Head to Settings → Devices and tap on Sign out all other sessions.