Recently, there has been a rise in cases of fraudulent attacks targeting users of the popular Telegram messenger. Attackers are employing a sophisticated phishing scheme to gain unauthorized access to personal accounts of their victims.
According to data from F.A.C.C.T., cybercriminals are posing as fake Telegram support and sending false warnings to users, claiming that an application has been executed to delete their accounts. To supposedly prevent this deletion, the attackers persuade the victims to click on a harmful link to cancel the procedure.
Upon clicking the link, users are taken to a website cleverly designed to mimic an official interface of Telegram. Here, users are prompted to input their phone number linked to the account, as well as a one-time security code sent from Telegram.
By obtaining the phone number and security code associated with the account, the attackers seize control of the victim’s Telegram account, gaining access to chat archives, conversations, and even channels if the victim was an administrator or owner of one. Notably, the phishing website immediately returns an error if incorrect account information is entered, mimicking legitimate behavior.
The distribution of malicious links is primarily done through personal messages on Telegram, allowing scammers to operate with minimal phishing clones – typically utilizing one active resource and a backup domain in case the former is blocked.
It is important to highlight that third parties cannot request the deletion of a Telegram account; only the account owner can do so through the messenger settings. Users are advised to delete their own accounts promptly or set up automatic removal after a period of inactivity.
Security experts from F.A.C.T. urge Telegram users to implement all available security measures, including setting up two-factor authentication, refraining from sharing one-time codes with anyone, particularly suspicious “support services,” and carefully verifying the legitimacy of any websites prompting action under uncertain circumstances. Users can verify the authenticity of websites using their domain name and employing Whois services to ascertain relevant information about the site’s creation.
Prior to this, analysts from the Solar Group of Companies disclosed how cybercriminals exploit Telegram accounts by directing users to themed websites featuring images.