How cybercriminals hijack Telegram accounts (2024)

Telegram users have recently begun encountering various Telegram messenger hijacking schemes. Things usually start off with a message from one of their contacts containing a link to some site. The bait can be an invitation to take part in an online vote or contest, a Telegram Premium gift or trial version, a request to sign a collective petition, or something else. What all these schemes have in common is the need to authenticate via Telegram — either by entering one’s phone number and a messenger verification code, or by scanning a QR code. But that’s precisely what you should not do, otherwise you’ll likely lose your account.

How the hijackers do it

Of course, there are no contests, no petitions, and no gifts. And the message was not written by a contact, but by an attacker who’s already hijacked that contact’s account (perhaps in the same way).

The links sent by the cybercriminals are usually created using a URL shortener service. Such tools are often used when the sender doesn’t want the real address of a site to be seen. What’s more, anti-phishing tools find it harder to spot such links.

More often than not, the site looks pretty modest. The first page displays a message like “Sign in and vote” or “Free access to the trial version of Telegram Premium”— depending on the scheme in question. Next comes the messenger login screen. There are two variants here: those who opened the site on a desktop are prompted to log in using a QR code, while those on a mobile device are asked for their country and phone number. Sometimes (as shown in the screenshots) the attackers let the victim choose the more convenient option.

How cybercriminals hijack Telegram accounts (1)

A cybercriminal site asking how you’d like to lose your account: by QR code or by entering a phone number.

If you provide your phone number, the attacker’s scripts log in to your Telegram account from a new device. The messenger’s security mechanism requires user confirmation and sends a verification code to your phone or computer where Telegram is already authorized. With Telegram’s two-factor authentication (2FA) turned off, this code and the phone number are all that the attackers need to log into your account. If you enter this code on the fraudsters’ site, they’ll have full control over your account, including the ability to link it to another device.

With a QR code, it’s even more straightforward— a verification code isn’t even needed. The thing is, it’s not a QR code for logging in from your phone. What it is, in fact, is a code to connect an additional device or web session to your account. If you scan this code as per the instructions, the attackers will automatically log in to your account and take control of it.

If you’re curious about other common phishing tricks, check out our report on spam and phishing in 2022.

Why cybercriminals want your account

Your stolen account can be used in various ways. The most obvious is to send out more fraudulent links to your contacts, but there are other uses too.

For starters, your account is full of data that could be used in other criminal schemes. Via the desktop version of Telegram, the bad guys can export your contact list, personal data, chat history, or files you’ve uploaded and received— which can contain confidential information. For example, some people store document scans in Favorites for quick access.

After a little while, the hijackers might also call you and offer to return your account for a fee.

How to stay safe

To begin with, take care not to follow any suspicious links. And under no circ*mstances should you enter a Telegram verification code anywhere except in the Telegram app itself.

To make it a bit trickier to take over your account, we recommend enabling 2FA in the messenger. This will not interfere with day-to-day communication but will guard against login attempts from other devices by asking for an extra password, adding another layer of protection.

To enable 2FA in Telegram on your phone, go to SettingsPrivacy and Security and tap Two-Step Verification. After that, it remains only to set a password, create an optional hint in case you forget it, set up a recovery e-mail, and enter a confirmation code that you’ll receive in your mailbox.

What to do if you took the bait

If you’ve already fallen for a scam and entered a code on a fake site, there’s still hope. By acting quickly, you can regain control of your account. Go to Settings → Devices and tap Terminate all other sessions.

How cybercriminals hijack Telegram accounts (2024)

References

Top Articles
Used 2003 Toyota Camry for Sale (with Photos)
Used 2003 Toyota Camry for Sale Near Me (with Photos)
Navicent Human Resources Phone Number
Whas Golf Card
Aberration Surface Entrances
The Ivy Los Angeles Dress Code
How to Type German letters ä, ö, ü and the ß on your Keyboard
Palace Pizza Joplin
Jasmine
Rls Elizabeth Nj
FIX: Spacebar, Enter, or Backspace Not Working
The Weather Channel Facebook
Regal Stone Pokemon Gaia
Gas Station Drive Thru Car Wash Near Me
Miss America Voy Forum
Luna Lola: The Moon Wolf book by Park Kara
Ts Lillydoll
Magic Mike's Last Dance Showtimes Near Marcus Cedar Creek Cinema
Operation Cleanup Schedule Fresno Ca
Jinx Chapter 24: Release Date, Spoilers & Where To Read - OtakuKart
Www Craigslist Milwaukee Wi
Jalapeno Grill Ponca City Menu
Copart Atlanta South Ga
Golden Abyss - Chapter 5 - Lunar_Angel
Erica Banks Net Worth | Boyfriend
Td Small Business Banking Login
FDA Approves Arcutis’ ZORYVE® (roflumilast) Topical Foam, 0.3% for the Treatment of Seborrheic Dermatitis in Individuals Aged 9 Years and Older - Arcutis Biotherapeutics
Kringloopwinkel Second Sale Roosendaal - Leemstraat 4e
Www.publicsurplus.com Motor Pool
Hampton University Ministers Conference Registration
Gotcha Rva 2022
Aliciabibs
Finding Safety Data Sheets
Student Portal Stvt
Rural King Credit Card Minimum Credit Score
Evil Dead Rise Showtimes Near Regal Sawgrass & Imax
Missing 2023 Showtimes Near Mjr Southgate
Urban Blight Crossword Clue
First Light Tomorrow Morning
Yoshidakins
Facebook Marketplace Marrero La
The 50 Best Albums of 2023
Husker Football
Live Delta Flight Status - FlightAware
התחבר/י או הירשם/הירשמי כדי לראות.
Exploring the Digital Marketplace: A Guide to Craigslist Miami
Swsnj Warehousing Inc
Bf273-11K-Cl
Verizon Forum Gac Family
Congressional hopeful Aisha Mills sees district as an economical model
Tamilyogi Cc
Latest Posts
Article information

Author: Merrill Bechtelar CPA

Last Updated:

Views: 6186

Rating: 5 / 5 (70 voted)

Reviews: 85% of readers found this page helpful

Author information

Name: Merrill Bechtelar CPA

Birthday: 1996-05-19

Address: Apt. 114 873 White Lodge, Libbyfurt, CA 93006

Phone: +5983010455207

Job: Legacy Representative

Hobby: Blacksmithing, Urban exploration, Sudoku, Slacklining, Creative writing, Community, Letterboxing

Introduction: My name is Merrill Bechtelar CPA, I am a clean, agreeable, glorious, magnificent, witty, enchanting, comfortable person who loves writing and wants to share my knowledge and understanding with you.