Recently, criminals began using a new scheme to steal Telegram accounts. Its essence is that someone from the users’ contact list offers them to take part in an online survey and sends them a link asking to click on it so that it would take them to the survey.
Kaspersky Lab experts warn against clicking on suspicious links if you don't want to lose your account.
In fact, the author of a suspicious message is not one of your contacts, but a criminal who stole the account of one of your contacts. The version of the link he sends is obtained by a link shortening service, so the user cannot tell at a glance what the link is. What's more, it's even harder to trace the origin of the link with anti-phishing tools.
When a user clicks on the link, he is taken to a regular website, which is actually a phishing page. There he is asked to vote for the contestants, but in order for the user's vote to be counted, authorization is required. There is a field for entering a phone number and entering a verification code, which is supposedly sent to the Telegram user.
If the user enters his phone number, attackers use a special code to access his account from a new device. If the user has two-factor authentication enabled, the login confirmation code is sent to the device where the account is already activated. If the user enters the received code on the phishing page, the attackers already have full control over their account and it becomes their property.
The experts advise under no circumstances enter the identification code received from Telegram anywhere except in the Telegram app itself. To improve security, it is also recommended to enable two-factor authentication in the messenger. And, of course, never click on suspicious links sent to you via messenger or email.
If you become a victim of the described trick and still enter the received code on a phishing site, you can try to regain control over your account immediately enter "Settings" menu, click "Active sessions" and click "Teminate all other sessions."