Telegram Identified as a Hotbed for Scammers

Published 11 months ago

Telegram, the popular messaging app, is reportedly serving as a marketplace for cybercriminals selling phishing tools. Cybersecurity startup Guardio has raised the alarm, labelling the platform as a “scammer’s paradise”.

A Billion-Dollar App Turned Dark

Telegram, an encrypted messaging app with over a billion downloads and 700 million monthly active users, hosts numerous third-party phishing kits. These kits enable malicious actors to promote and sell their illicit tools. Guardio’s recent report documented how scammers use the platform to advertise deployable phishing kits, which can steal users’ credentials for platforms such as Netflix, Spotify, Facebook, Citi, Capital One, and Bank of America.

An Affordable Start to Cybercrime

With just $230, aspiring cybercriminals can get their hands on the tools needed to launch phishing scams. The tools can send data back to the scammers’ Telegram, and even offer phishing-focused Telegram support groups, according to findings by Guardio and The Hacker News. The startup’s Head of Labs, Nati Tal, and Security Researcher, Oleg Zaytsev, noted that the app has become a bustling hub where both seasoned and novice cybercriminals exchange illicit tools and victims’ data.

Sophisticated Scams and Bypassing Security Measures

More expensive scams available on Telegram can create fake proxy pages that connect to legitimate businesses. This allows scammers to bypass two-factor authentication while receiving victims’ data. Telegram also hosts bots that generate crypto giveaway scams, where buyers can choose different illegitimate Tesla and SpaceX-themed scams.

An Array of Illicit Offerings

In addition to phishing tools, scammers can buy “web shells” through Telegram. These are compromised WordPress sites where phishing materials can be uploaded through a backdoor script. A single Guardio screenshot showed a user selling 50 shells for $20 worth of Bitcoin or USDT, a US Dollar-backed cryptocurrency.

Cybercriminals are also trading social media accounts, credit cards, and bank account logins on the platform. Telegram scammers have also been reported to misuse blue “verified” checkmarks to deceive users.

A History of Scams

Telegram has had its fair share of scams over the years. A scam centered around fake ads lured victims to Telegram to divulge sensitive information, stealing over $6.5 million from victims between 2022 and 2023. Another impersonation scam targeted Telegram users last year, prompting the Singapore Police to issue a warning about scams on the platform.

Related news