Cybersecurity experts at Kaspersky have identified a new trend in phishing techniques, with threat actors increasingly utilizing Telegram to automate their activities and provide various services.
In a recent advisory, Kaspersky web content analyst Olga Svistunova revealed that phishers create Telegram channels to educate their audience about phishing and share links to these channels via YouTube, GitHub, and phishing kits. Many of these channels offer tools to automate malicious workflows, such as generating phishing pages or collecting user data.
While the phishing kits used in these campaigns are relatively basic, typically consisting of a script that captures user credentials and forwards them to a bot, Svistunova noted that they are still effective. For example, victims clicking on links promising incentives like 1000 likes on TikTok may be presented with a convincing login form that resembles the real thing.
Kaspersky also observed Telegram channels used for selling online banking credentials, with scammers extracting and selling account balances, charging higher prices for accounts with higher balances.
Additionally, some Telegram channels were found to be advertising phishing-as-a-service operations, offering subscriptions with customer support for regular updates on phishing tools, anti-detection systems, and links generated by phishing kits.
The malicious use of Telegram is not surprising, as the platform was referred to as the “New Dark Web” in a 2021 report from Cyware. Furthermore, there have been numerous reports highlighting how Telegram groups have become a central hub for selling malware, bots, and ransomware, as well as announcing attacks by criminal gangs.
Despite the various techniques employed by phishers on Telegram, Kaspersky highlighted that there are ways to identify them, such as detecting malicious sites generated by phishing bots that are hosted in the same domain or share parts of HTML code. Since the emergence of these domains, Kaspersky has detected a total of 1483 attempts to access pages located within them.
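The two signals mentioned above (pages hosted in the same domain, or sharing parts of their HTML code) can be combined into a simple clustering check. The following is an added example, not Kaspersky's detection logic; the sample pages, the 0.6 similarity threshold, and all function names are assumptions constructed for illustration.

```python
import re
from itertools import combinations
from urllib.parse import urlparse

TAG = re.compile(r"<\s*([a-zA-Z][a-zA-Z0-9]*)([^>]*)>")   # opening tags only
QUOTED = re.compile(r"\"[^\"]*\"|'[^']*'")                 # attribute values
ATTR = re.compile(r"([a-zA-Z_:][-\w:.]*)\s*=")             # attribute names

# Constructed sample pages on reserved names (.test, example.org); not real indicators.
KIT = ("<html><head><title>{t}</title></head><body><div class='{c}'>"
       "<form method='post' action='{a}'><input name='{u}'>"
       "<input name='{p}' type='password'><button type='submit'>{b}</button>"
       "</form></div></body></html>")
PAGES = {
    "https://a.kit-host.test/tt/login.html": KIT.format(t="Log in", c="wrap", a="send.php", u="user", p="pass", b="Log in"),
    "https://b.kit-host.test/ig/index.html": "<html><body><table><tr><td><form action='x.php'><input name='u'><input name='p'></form></td></tr></table></body></html>",
    "https://free-likes.test/index.html": KIT.format(t="Get 1000 likes", c="card", a="go.php", u="login", p="password", b="Continue"),
    "https://news.example.org/": "<html><head><title>News</title></head><body><h1>Headlines</h1><p>Text</p></body></html>",
}

def base_domain(url):
    """Naive registrable domain: last two host labels (assumption; use a public-suffix list in practice)."""
    return ".".join(urlparse(url).hostname.lower().split(".")[-2:])

def shingles(html, k=3):
    """k-grams over the tag skeleton (tag + attribute names); text and attribute values are ignored."""
    toks = []
    for m in TAG.finditer(html):
        names = sorted(a.lower() for a in ATTR.findall(QUOTED.sub("", m.group(2))))
        toks.append(m.group(1).lower() + "[" + ",".join(names) + "]")
    return {tuple(toks[i:i + k]) for i in range(max(len(toks) - k + 1, 1))} if toks else set()

def jaccard(a, b):
    return len(a & b) / len(a | b) if a | b else 0.0

def cluster(pages, threshold=0.6):
    """Group URLs that share a base domain or whose HTML skeletons overlap by >= threshold."""
    parent = {u: u for u in pages}
    def find(u):
        while parent[u] != u:
            u = parent[u]
        return u
    sigs = {u: shingles(h) for u, h in pages.items()}
    for a, b in combinations(pages, 2):
        if base_domain(a) == base_domain(b) or jaccard(sigs[a], sigs[b]) >= threshold:
            parent[find(a)] = find(b)
    groups = {}
    for u in pages:
        groups.setdefault(find(u), []).append(u)
    return sorted(sorted(g) for g in groups.values())
```

Here the rebranded copy on `free-likes.test` joins the cluster through its HTML skeleton, while the structurally different page on `b.kit-host.test` joins through the shared domain; the unrelated news page stays on its own.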
The growing use of Telegram by phishers highlights the need for continued vigilance and awareness of evolving phishing techniques in the cybersecurity landscape.
Protection against phishing attacks
While common sense is a valuable defence against phishing scams, here are 5 effective ways to protect yourself and your organization from falling victim to phishing attacks:
- Be cautious with emails: Do not click on any suspicious links or download any attachments from unknown senders. Verify the legitimacy of emails, especially those requesting sensitive information, by double-checking the sender’s email address and looking for signs of phishing, such as misspelled words or unusual requests.
- Avoid sharing personal information: Do not share sensitive information, such as passwords, social security numbers, or credit card details, over email or other communication channels unless you are certain of the recipient’s identity and the security of the communication channel.
- Keep software up-to-date: Regularly update your operating system, web browsers, and all software installed on your devices. This helps to patch security vulnerabilities that can be exploited by phishing attacks.
- Enable multi-factor authentication (MFA): MFA adds an extra layer of security by requiring additional authentication, such as a fingerprint, a text message code, or a hardware token, in addition to your password. This can significantly reduce the risk of falling victim to phishing attacks.
- Educate yourself and be vigilant: Stay informed about the latest phishing techniques and trends. Be wary of unexpected emails or messages, especially those that create a sense of urgency or ask for immediate action. Think twice before clicking on links or providing personal information, and report any suspicious emails or messages to your IT department or the relevant authorities. Always practice vigilance and scepticism when dealing with online communications.