Telegram took care of phishing – Newspaper Kommersant No. 7 (7452) dated 17.01.

Telegram users are facing an increase in phishing attacks on accounts, as a result of which the attacker kidnaps them. First of all, bots are used for this. Business accounts were also under attack – over the year, the number of attacks on them in Telegram has doubled, experts say. The most dangerous is a simple scheme with mass mailings that exploit the latest news, but new methods of authorization in the messenger can also carry risks.

Cybersecurity specialists are talking about an increase in the number of incidents in the Telegram messenger. The Security Code reported that by the beginning of 2023 in Russia, phishing (a method of Internet fraud in order to gain access to confidential user data) had become one of the main methods of fraud in the messenger, which is associated with an influx of audience.

According to the American Cofense, engaged in the fight against cyberattacks, the growth of phishing in Telegram was 800% in 2022, “in the first place, attackers used bots for these purposes.”

Group-IB reported that at least 1,000 fraudulent groups operating and coordinating actions on Telegram have already been identified in Russia, including 34 active Russian-speaking groups for the distribution of “stealer programs” that are used by attackers to steal user accounts. On average, the chat of each group consists of about 200 participants, said Evgeny Egorov, Leading Analyst of Group-IB of the Digital Risk Protection Department.

A noticeable number of messenger users in the past and current years have encountered schemes in which attackers tried to steal accounts using fake resources, where they were encouraged to enter data to enter the messenger, says Olga Svistunova, Kaspersky Lab content analyst.

Phishing messages are being sent to steal credentials, as well as messages containing malicious attachments under the guise of various documents that are relevant to users, Ekaterina Semykina, an analyst at the Positive Technologies research group, confirms. “The attacks are aimed at hacking accounts and gaining control over popular channels and groups in the messenger,” she says. According to the company, bots are often used to compromise the victim’s account.

Among the latest high-profile phishing attacks is the distribution at the end of December 2022 through the contacts of Telegram users of an alleged gift subscription to the premium version of the messenger, upon activation of which the attackers gained access to the victim’s account. The scammers tested a similar mechanism in online voting, in which they asked “friends” to participate (see Kommersant of December 28, 2022). Another high-profile incident was the distribution of the “new list of mobilized” in early January: under the pretext of reading it, data was stolen from the link.

The blocking of Instagram and Facebook (the activity of Meta, which owns social networks, is recognized as extremist in the Russian Federation and banned) in Russia since February 2022 and the closure of advertising accounts on the platforms led to the migration of the audience to Telegram, says Anti-Phishing director Sergey Voldokhin. This is partly related to new fraudulent schemes. “Cases of the theft of Telegram channels with monetization settings have become more frequent,” he notes. According to the company, the number of attacks on businesses that used the messenger as an additional channel doubled in 2022.

Evgeny Antipov, the owner of the Eye of God Telegram bot, believes that the new method of authorization in the messenger carries more risks and poses a more serious danger to users than phishing. In mid-2022, Telegram stopped sending the authorization code via SMS: logging in to a PC client or browser now requires an activated messenger client on a mobile device, where the code is sent. An attacker, for whom it is important to get into the victim’s Telegram account, can hack an account if he sets up call forwarding to his phone number, confirming his identity for the victim, Evgeny Antipov believes, “for this, it is enough to use the passport data that can be found in published by hackers in 2022 databases.

Tatyana Isakova