Date: 2022-12-15

Fraudsters have begun using a new scheme on Telegram, offering users supposedly free access to a premium account. In fact, following the link can result in identity theft. Izvestia found out how scammers use this and other schemes to deceive Telegram users.

Dangerous “gift”

A reader who received a link to a “gift” (supposedly free access to a premium account) told Izvestia about the scammers' new scheme on Telegram. The girl did not follow the link. Later, the sender wrote that he had been hacked and asked her to delete the message.

The Telegram Premium subscription became available to Russian users in June 2022. It offers an advanced set of features, including a larger archive, animated emoji, status icons, and more. The subscription price is 299 rubles per month.

Almost immediately after the option appeared, messenger users found a vulnerability in it that allowed them to pay for Premium once, and then give the subscription to friends for free. Vladimir Zykov, Director of the Association of Professional Users of Social Networks and Messengers, told Izvestia about this.

“People were selling premium accounts for pennies (for example, 100 rubles for a year of use), until in November the administration of the messenger discovered this error and canceled access to everyone from whom it was acquired illegally,” the expert says.

Free access to Telegram Premium has stopped, but now scammers have decided to use this trick. According to Artur Karapetov, Synergy Academy and Product Lead teacher at Skolkovo, the links they send out can hide anything, such as files infected with viruses.

“In addition, bank or other accounts that are on your device may be stolen,” he explains. “Social networks may also start sending messages to all your friends. Or the device will be made part of a botnet and malicious requests will start being sent from it.”

Fraud methods

Speaking of messenger scams, it is important to understand that Telegram is just another way to communicate. The essence of the schemes does not change: the same thing happens on social networks and on the phone, Evgenia Lazareva, head of the Narodny Front project “For the Rights of Borrowers” and coordinator of the Moshelovka platform, noted in an interview with Izvestia.

At the first stage, scammers draw the victim into a dialogue. To do this, they pretend to be familiar or trusted channels, disguise themselves as advertisements (and sometimes place real advertisements), or make calls that bypass operators' anti-fraud protection. The next step is to send a phishing link or a simple request to transfer money directly to an account.

Another type of fraud is account theft. According to Evgeny Egorov, Leading Analyst of the Digital Risk Protection Department at Group-IB, in this case scammers use, for example, a script that asks you to vote for your child’s work in a drawing competition. To cast your vote, you need to enter your data in a phishing form and provide the messenger authorization code.

This type of crime is especially typical for Telegram, which has long ceased to be just a messenger and has turned, in fact, into a social network, where there are channels with hundreds of thousands and even millions of subscribers.

“Telegram is much better protected than WhatsApp or Viber. These messengers have user agreements that allow owners to get contacts from the address book or, conversely, data of users who have the right person in their contacts, as well as metadata once every 15 minutes,” explained Evgenia Lazareva.

According to her, WhatsApp owner Meta (recognized as extremist in Russia) has the right to turn off end-to-end encryption for some users and save their correspondence and conversations on their own servers or the servers of the organization that requested them. Further, a search using neural network technology allows you to find data on a specific request and highlight, for example, social activists, mobilized and their family members, volunteers.

How exactly the criminals use the information received, one can only guess. Moshelovka has repeatedly encountered situations when scammers wrote to the relatives of mobilized people that the person was allegedly in captivity and a ransom was needed, although in reality this was not the case.

“Of course, it is possible to reach such people through the contacts left in social networks and through the merged contact databases, but the simultaneous massive and very accurate attack makes us think that the selection was hardly random,” said Evgenia Lazareva.

In her opinion, Telegram is better protected than other messengers in this regard: all that can be obtained as a result of a leak is the user’s phone number and IP address. However, this is where complex types of fraud are increasingly being recorded.

Schemes in Telegram

According to Evgenia Lazareva, several variants of fraud are now widespread on Telegram. One of them is related to bots, which are launched in response to any event that excites society.

“We noted a particularly strong wave at the end of September: bots appeared, allegedly allowing you to check against a database whether a particular citizen is subject to mobilization. Concerned people voluntarily gave the fraudsters a phone number, address, and document details. All this allows criminals to fine-tune the tools of social engineering or blackmail both the person himself and his relatives,” says Izvestia's interlocutor.

Another scheme that is widely used by scammers is designed for owners of Telegram channels. A person is offered help in promoting them, and the scammer either takes the money and disappears, or requires administrator rights (supposedly for promotion). Then the attacker begins to blackmail the owner by posting inappropriate content or embezzles money from the sale of advertising.

In some cases, scammers trick the channel owner into giving them access to the phone (for example, through a program for remote control of the device) and to the mailbox, and with them to the bank account.

“Sometimes scammers pose as large advertisers and offer to receive payouts through an “identification” link leading to a phishing resource created to steal access to the channel. The return of the channel, of course, is paid,” concluded Lazareva.

Fake Accounts

Another important problem associated with the popular messenger is fake accounts.

“In November, it affected our colleague, the author of a book on financial literacy. The scammers created a very similar account: they replaced one character in the username, stole the avatar photo, personal data and, most importantly, the contact list. Then a mailing went out to the contact list with an advertisement for a cryptocurrency exchange,” said Evgenia Lazareva.

In this case, she notes, it was a targeted attack on a specific user: either very expensive (to steal the contact list, you need to hack into the account), or carried out by someone close to the victim.

“Hacking Telegram is much easier if the devices of the offender and the victim are, for example, in the same Wi-Fi network, so you should not connect to public networks in parks, transport or, like our colleague, in a hotel,” says Izvestia's interlocutor.

According to her, Moshelovka specialists expect an increase in the near future in the number of scams with fake accounts, including corporate ones: Telegram has launched auctions for the sale of “beautiful” usernames, including ones that repeat the names of large companies. They could be bought by both official representatives of these organizations and scammers, for whom this is a bargain.

As Lazareva notes, scammers are also cashing in on the very idea of auctions: a copy of the site where “beautiful” TG names are sold has already been created. Two important differences from the original: you can’t buy a nickname there, but the site will try to access your crypto wallet.

Protection Mechanisms

To avoid falling for scammers' bait, experts urge users to observe certain security measures on Telegram.

“To minimize possible risks, you should use complex passwords and additional means of protecting your account, such as two-factor authentication (cloud password),” advises Evgeny Egorov, Leading Analyst of the Digital Risk Protection Department at Group-IB.

Kaspersky Lab cybersecurity expert Dmitry Galov recommends scanning the sent files or archives for threats at the slightest doubt. It is important to install a security solution on devices where it is possible.