How can your account be stolen via ‘Telegram for Adults’?

April 13, 2023  22:05

Fraudsters have recently been actively exploiting a new scheme to steal Telegram accounts by luring users to the so-called ‘Telegram for adults.’ The Izvestia newspaper writes about this with reference to information security specialists.

According to Olga Svistunova, a content analyst at Kaspersky Lab, the scheme is quite simple: the user is prompted to log in to a bot, which supposedly can find intimate photos of his friends and acquaintances. As soon as the user enters his data (phone number and confirmation code) on the phishing site where he is redirected, the attackers get full access to his account. From there, they can steal sensitive data, send fraudulent messages to his contacts, use his account for blackmail, and so on.

According to Alexander Vurasko, an expert at the Solar AURA external digital risk analytics center of RTK-Solar, fake authorization pages for the messenger are always similar; only the legend used to attract the victim changes. One person may be drawn to the fake page by the opportunity to search for someone's intimate photos, another by the opportunity to allegedly collect compromising information available online about a particular person. In some cases, in order to steal accounts, attackers asked users to vote for the drawings of a child participating in a contest and sent a fake voting link, after which they stole access to the victim's account.

How to protect your Telegram account from being stolen?

Since in all such schemes an account is stolen when a user follows a third-party link and enters their data on a phishing site, protection against losing an account is quite simple: you should not follow suspicious links and enter your phone number or any confirmation codes you’ve received there.

“The best option is to ignore any tempting offers and exercise due prudence when receiving such messages,” Alexander Vurasko said.

If you are going to enter a phone number, a confirmation code or any other data, be sure to pay attention to what kind of site it is: the domain name of the phishing site will differ from the official one, even if it’s only a slight difference.
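The domain check described above can be automated. The following is an added example, not part of the original article: it compares the host of a link against an allowlist and flags hosts that merely resemble the brand. The allowlist (telegram.org, t.me), the function names and the sample URLs are assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Assumption: domains treated as official for this illustration.
OFFICIAL = {"telegram.org", "t.me"}
BRAND = "telegram"

def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance computed row by row."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify(url: str) -> str:
    """Return 'official', 'lookalike', 'other' or 'invalid' for a link's host."""
    host = (urlsplit(url).hostname or "").rstrip(".").lower()
    if not host:
        return "invalid"  # no scheme/host part, nothing to compare
    # Official only if the host IS an allowlisted domain or a subdomain of one.
    # A substring test would wrongly accept telegram.org.login.example.
    if any(host == d or host.endswith("." + d) for d in OFFICIAL):
        return "official"
    # Not official: flag hosts that borrow the brand name, or sit one
    # character away from it (digit swaps, single homoglyphs, typos).
    for label in host.split("."):
        if BRAND in label or edit_distance(label, BRAND) <= 1:
            return "lookalike"
    return "other"

if __name__ == "__main__":
    # Constructed sample links; none are taken from the article.
    samples = [
        "https://web.telegram.org/a/",
        "https://telegram.org.login.example/auth",
        "https://te1egram.example/",
        "https://web-telegram.example/",
        "https://telegram.org@login.example/",
        "https://example.com/telegram.org",
    ]
    for s in samples:
        print(f"{classify(s):10} {s}")
```

Only an "official" result means the host matches the allowlist; "other" simply means the host does not resemble the brand, not that the page is safe.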

It is also recommended to set up two-factor authentication on your account and not to click on links from suspicious messages, even if they were sent by friends.
