In November 2020, there was an attempted major Telegram scam. Multiple popular channels with hundreds of thousands of subscribers Baza, Durov’s Code, Dvach have tried to steal control of their sites through phishing correspondence. An ordinary Telegram user can easily become a victim of fraudsters, just like any channel administrator. However, in this case, they will lose their personal and payment information, not the well-publicized, incomegenerating site.
How to hijack promoted channels on Telegram?
Attackers use social engineering: they prepare for the conversation by disguising their operation as an advertising negotiation. At the final stage, they offer to download an archive file that allegedly contains a presentation of the product whose advertising they want to pay for. This archive contains malicious software which takes control of your Telegram accounts and sends the data to an intruder. To the credit of the administrators of the channels listed at the beginning, almost none of them fell for phishing except the unofficial Reddit channel, which was used as an example to study the malicious effect .
Telegram search is implemented in such a way that it is sometimes very hard to manually find the desired channel. For example, when trying to find a famous blogger’s channel, it is not uncommon to find several equally designed and similar to each other channels with a comparable number of subscribers on Telegram it is still fairly easy to get them added quickly . Only one channel can be real, and the rest are filled with phishing and advertising content without users knowing it.
How to find a real telegram channel among similar fake ones?
Let’s take the popular blogger Edward Beale, who has a Telegram channel, as an example. The channel has many fraudulent clones in Telegram – there are more than ten of them. How to find the original? Go to YouTube, where the blogger has a checkmark verifier. This verified channel’s profile description has a link to Beale’s official Telegram-channel, which is the real channel. It is safer to look for other official channels in the same manner, not through a search for Telegram itself, but through an external, verified source.
It is worth noting that channels marked for various malicious activities are periodically labeled SCAM “fraudsters” by the Telegram administration. .But so far, many blatantly fraudulent channels do not have it, so treat it this way: if there is a SCAM tag, you should definitely shut down the channel and forget about it. If it is not there, you should definitely check the other signs of fraud. Also, always keep anti-virus on your computer and phone, and most importantly, be aware of your digital security before you click on anything
Precautions to watch out for
Caution should be exercised if:
You are suggested to follow an external link to a site with a suspicious address
● You are offered easy earnings, investments in times of crisis and other “free cheese.”
You are offered to switch to another channel with a name or the first message similar to “Money to everyone’s card”, saying the channel has been “moved
You are offered a link to a secret chat room with a limited number of places. Another option – they send you a message about a prize for subscribing to the channel, which can be obtained through a link
● You are offered to download files from external archives and attached files-archives and executable files. You don’t need to download them at all, no matter what they’re called videos, spreadsheets, bills, self-extracting archives, and more . These files can contain malware that can easily infiltrate your computer or phone and steal personal information or payment data. There is an additional risk for channel administrators – channels can be stolen from them via such phishing message.
“Unfortunately, many users still believe that their digital security is the responsibility of the platform they use – whether it’s a social network, messenger, video streaming service, online banking, an app for ordering goods and services, and more. In reality, it turns out that the responsibility for digital security lies with the user – no site can restrict its users from all risks. At least as long as scammers use social engineering. Analyze your online activities and improve your digital hygiene. Remember that online you are defending, but the fraudsters are attacking,” summarized Ilya Loevsky, Deputy Head of Roskatchestvo.
