Telegram, a cross-platform instant messaging (IM) application, has recently seen a spate of account thefts, and attackers have used the compromised accounts to commit fraud.

In response, the security research department lists common Telegram scams and shares guidance on how to avoid them.

Telegram Scams

Obtaining screenshots that contain your Telegram login code

A relatively new type of scam has appeared recently: scammers pretend to be friends and, on various pretexts, ask you to take screenshots of your Telegram chats. This seems harmless, but at that moment the scammers are trying to log in to Telegram with your mobile phone number. If the screenshot you send contains a login code, the scammers use it to log in to your Telegram account. The scam proceeds as follows:

1. Get the phone number for your Telegram account.

If your phone number is set to be visible to everyone, anyone, including scammers, can see it. Otherwise, scammers first take over a friend's account and look up your phone number from there.

2. Trick you into revealing the login code.

Scammers typically tell you that there is a problem with your account and trick you into sending screenshots. Meanwhile, they try to log in to your account by entering your phone number on a new device.

Common pretexts include:

(1) "There are two identical contacts in the interface": when an encrypted chat is created with a contact, two identical contacts appear in the chat list. The encrypted chat has a lock icon in front of the name.

(2) "A friend needs help unlocking the account": scammers say that their account has been officially restricted and that they need a friend to send a verification code to help unlock it.

3. Log in to your account to continue the fraud.

If you inadvertently send a screenshot containing a login code and two-factor authentication is not enabled on your account, the scammers can use the code to log in to your account. They then remove all your devices, change the password, and go on to scam the other people in your contact list.

Scam messages sent by a fake official Telegram account

Scammers pretend to be TG's official account and send you a message claiming that your TG account has violated the usage rules and will be restricted. The message tells you to visit a website that they provide. If you click the phishing link, your account will probably be compromised.

Third-party applications with a backdoor

Since there is no Chinese-language installation package, users often turn to search engines to find one. Scammers therefore use SEO to steer users to their own Telegram download sites and induce them to download malicious applications.

When users install a TG client with a backdoor, their chats are scanned. If a chat contains a crypto wallet address, it is replaced with the scammers' address, and users are tricked into transferring their funds to the scammers.

In this example, a user downloaded a Chinese-language Telegram client from the website http://www.telegram-china.org (currently inaccessible) and sent a TRX address:

At that time, the address was TNpEa9PoqWsoPcTdTqUUdrYJbqhVLoSVFh. It was replaced by another address when the app was reopened.

Malicious Telegram Chinese language packs

The Telegram channel https://t.me/zh_CN_Telegram_zh_CN_CN_zh_ch_zn was reported to be fake. The official channel for Chinese language packs is https://t.me/zh_CN, which has stopped updating because of a lack of developer support. The fake channel had almost 800,000 subscribers when it was found to be a scam offering a Chinese language pack with a backdoor.

Security experts analyzed the language pack file and found that it evades detection by security software and avoids sandbox analysis by detecting mouse movement.

Telegram bots that trick you out of your password

Foreign security researchers have found that some criminal organizations use Telegram bots to steal users' OTP tokens and SMS authentication codes in order to complete 2FA (two-factor authentication). The attackers use the bots to get at account information, which includes calling victims while impersonating banks and legitimate services. Through social engineering, the attackers also trick people into handing over OTPs or other authentication codes via their mobile devices. The scammers then use the codes to defraud users of their money, passwords, session cookies, login credentials, and credit card details.

Crypto Scams

Scammers pretend to be cryptocurrency experts on Telegram and promise a good return on cryptocurrency investments. They either comment on Twitter or contact you directly on Telegram, claiming to be able to provide you with a high return on your investment.

If you believe them, the scammers ask you to open an account on their own cryptocurrency exchange. They then show you a chart indicating that your investment is growing, but when you try to withdraw your funds, the scammers disappear with them.

Enable two-factor authentication

For the safety of your account, you are encouraged to set a password for two-factor authentication. This password is required only when your account is logged in on a new Telegram client.

Open Settings > Privacy and Security > Two-step Verification and set your password. You are also encouraged to set a recovery email in case you forget your password.

Be careful with third-party clients

Check how you obtained your Telegram client. If you installed TG from an installation package found on some website, uninstall it and reinstall TG from a package downloaded from TG's official website. A third-party client can probably control your account, read all your chats, and collect your device information, so download TG only from its official website.

Do not send your personal information to Telegram bots

Use Telegram bots with caution and do not disclose personal data, including names, user names, phone numbers, e-mail addresses, passwords, or any information that can be used to identify you.

Be careful when you receive DMs from strangers

Do not readily trust DMs from strangers; this helps you avoid financial loss and information disclosure. If they bother you, you can block them. When you receive unfamiliar files or links, do not open them without checking them carefully first.

Check wallet address

If you want to send a wallet address to someone, verify the address more than once. It is better to take a screenshot of the wallet QR code and send the screenshot to others.
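The check below is an added example, not part of the original article: it validates a TRON (TRX) address's Base58Check checksum and compares the address you intended to send with what the recipient reads back over a second channel. It shows why the comparison matters: an address swapped in by a backdoored client is itself well-formed, so the checksum alone does not reveal it. The function names and sample addresses are constructed for illustration.

```python
import hashlib

B58 = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"
TRON_PREFIX = 0x41  # version byte of TRON mainnet addresses


def _checksum(payload: bytes) -> bytes:
    # Base58Check checksum: first 4 bytes of double SHA-256.
    return hashlib.sha256(hashlib.sha256(payload).digest()).digest()[:4]


def encode_tron(hash20: bytes) -> str:
    """Base58Check-encode a 20-byte account hash (used to build sample data)."""
    raw = bytes([TRON_PREFIX]) + hash20
    n = int.from_bytes(raw + _checksum(raw), "big")
    out = ""
    while n:
        n, r = divmod(n, 58)
        out = B58[r] + out
    return out


def is_valid_tron(addr: str) -> bool:
    """True if addr is well-formed: Base58 alphabet, 0x41 prefix, good checksum."""
    if len(addr) != 34 or any(c not in B58 for c in addr):
        return False
    n = 0
    for c in addr:
        n = n * 58 + B58.index(c)
    raw = n.to_bytes(25, "big")  # 34 Base58 digits always fit in 25 bytes
    return raw[0] == TRON_PREFIX and _checksum(raw[:21]) == raw[21:]


def check_delivery(intended: str, read_back: str) -> str:
    """Compare the address you meant to send with the one the recipient
    reads back over a second channel (voice call, another app)."""
    a, b = intended.strip(), read_back.strip()
    if not is_valid_tron(a):
        return "intended-invalid"
    if a != b:
        # A swapped address passes the checksum; only the comparison catches it.
        return "substituted" if is_valid_tron(b) else "corrupted"
    return "match"


# Constructed sample addresses (not real wallets).
MINE = encode_tron(bytes(range(20)))
SWAPPED = encode_tron(bytes(range(20, 40)))
```

A result of "substituted" means the recipient received a different but well-formed address, which is the pattern the backdoored client described above produces.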

Regularly check the devices that are logged in to Telegram

Periodically check the IP addresses of the devices logged in to your Telegram account, and force any device with an abnormal IP offline.

Do not share your phone number when you add contacts

Telegram has only the concept of Contacts, not Friends. Adding or deleting a contact does not remove your account from that person's contact list. When you add a contact, you can uncheck the Share My Phone Number option, which is checked by default.

Hide your phone number and add restrictions on joining groups

You can hide your phone number, status, profile, and forwarded messages under Settings > Privacy and Security. You can also prevent anyone who is not in your contact list from adding you to a group, which reduces the risk of being scammed. Also, do not use the “Add People Nearby” function.

Stay Updated and Safe

🙏 @Cryptos_karama