February 13, 2023

How to Avoid Telegram Scams?



Recently, Telegram, a cross-platform instant messaging (IM) application, has seen a spate of account thefts, and hackers have used the compromised accounts to commit fraud.


In response to the recent Telegram account thefts, the Beosin security research department lists common Telegram scams and shares guidance on how to avoid them.



Telegram Scams

Obtaining screenshots that contain your Telegram login code

A relatively new type of scam has appeared recently: scammers pretend to be your friends and, under various pretexts, ask you for screenshots of your Telegram chats. This seems harmless, but at that moment the scammers are trying to log in to Telegram with your mobile phone number. If you send a screenshot that shows the login code, the scammers use it to log in to your Telegram account. The scam proceeds as follows:


1. Get the phone number for your Telegram account.


If your Telegram account is set to be visible to anyone, your phone number can be seen by anyone, including scammers. Otherwise, they first take over a friend's account and then look up your phone number.


2. Trick you into revealing the login code.


Scammers tell you that there is a problem with your account and trick you into sending screenshots. Meanwhile, they try to log in by entering your phone number on a new device.


The following pretexts are examples:


(1) There are two identical contacts in the interface: when an encrypted chat is created for a contact, two identical contacts appear in the chat list. The encrypted chat has a lock icon in front of the name.




(2) A friend needs help unlocking an account: the scammer says that his/her account has been officially restricted and that friends need to send a verification code to help unlock it.



3. Log in to your account to continue the fraud


If you inadvertently send a screenshot containing the login code to scammers and your account does not have two-factor authentication enabled, the scammers can use the login code directly to log in to your account. They then delete all the devices, change the password, and go on to cheat other people in your contact list.

Scam messages sent by fake Telegram Official account

Scammers pose as the official Telegram (TG) account and send you a message claiming that your TG account has violated the usage rules and will be restricted, and that you need to visit a website they provide. If you click the phishing link, your account will probably be compromised.



Third-party applications with a backdoor

Since there is no Chinese-version installation package, users often use search engines to find a Chinese one. Scammers therefore use search engine optimization (SEO) to direct users to their own Telegram download sites and induce them to download malicious applications.



When users install a TG client with a backdoor, their chats are scanned. If a chat contains a crypto wallet address, the address is replaced with the scammers' address, and users are tricked into transferring their funds to the scammers.


In this example, a user downloaded a Chinese-version Telegram client from the website http://www.telegram-china.org (currently inaccessible) and sent a TRX address:



At that time, the address was TNpEa9PoqWsoPcTdTqUUdrYJbqhVLoSVFh. It was then replaced by another address when the app was reopened.




Malicious Telegram Chinese language packs

A Telegram channel (https://t.me/zh_CN_Telegram_zh_CN_CN_zh_ch_zn) was reported to be fake. The official channel for Chinese language packs is https://t.me/zh_CN, which has stopped updating because of a lack of developer support. The fake channel had almost 800,000 subscribers when it was found to be a scam that offered a Chinese language pack with a backdoor.



Our security experts analyzed the language pack file and found that it evades detection by security software and avoids sandbox analysis by detecting mouse movement.



Telegram bots that trick you out of your password

Foreign security researchers have found that some criminal organizations use Telegram bots to steal users' OTP tokens and SMS authentication codes in order to complete 2FA (two-factor authentication). The attackers use Telegram bots to gain access to account information, including by calling victims and impersonating banks and legitimate services. Through social engineering, the attackers also trick people into providing OTPs or other authentication codes via their mobile devices. The scammers then use the codes to defraud users of their money, passwords, session cookies, login credentials, and credit card details.




Crypto Scams

Scammers pretend to be cryptocurrency experts on Telegram and promise a good return on cryptocurrency investments. They either comment on Twitter or contact you directly on Telegram, claiming to be able to provide you with a high return on your investment.


If you fall for their pitch, the scammers ask you to open an account on their special cryptocurrency exchange. They then show you a chart indicating that your investment is growing, but when you try to withdraw your funds, the scammers disappear with them.



Beosin Security Advice

We offer the following advice to help users avoid scams and losses on Telegram.



Enable two-factor authentication

For the safety of your account, you are encouraged to set a password for two-factor authentication. This password is only required when your account is used to log in on a new Telegram client.


Open Settings > Privacy and Security > Two-step Verification and set your password. You are also encouraged to set a recovery email in case you forget your password.




Be careful with third-party clients

Check how you downloaded your Telegram client. If you installed TG from an installation package found on some website, uninstall it and reinstall TG using the package from the official TG website. Third-party clients may be able to control your account, read all of your chats, and collect your device information, so for safety download TG only from its official website.



Do not send your personal information to Telegram bots

Use Telegram bots with caution and do not disclose personal data, including names, user names, phone numbers, e-mail addresses, passwords, or any information that can be used to identify you.



Be careful when you receive DMs from strangers

Do not readily trust DMs from strangers, to avoid financial loss or information disclosure. If they bother you, you can block them. When you receive unfamiliar files or links, do not click them without checking them carefully first.



Check wallet address

If you want to send a wallet address to someone, verify the address more than once. A better option is to take a screenshot of the wallet QR code and send the screenshot instead.
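The address swap described in the backdoored-client case passes a checksum test, because the substituted address is itself valid, so the check that matters is a full comparison between the address you meant to send and the one the chat shows afterwards. The Python sketch below is an added example, not Beosin's code; the sample addresses are constructed from dummy bytes and the function names are hypothetical.

```python
import hashlib

B58 = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"

def _checksum(payload: bytes) -> bytes:
    # Base58Check: first 4 bytes of SHA-256(SHA-256(payload))
    return hashlib.sha256(hashlib.sha256(payload).digest()).digest()[:4]

def b58check_encode(payload: bytes) -> str:
    raw = payload + _checksum(payload)
    n, out = int.from_bytes(raw, "big"), ""
    while n:
        n, r = divmod(n, 58)
        out = B58[r] + out
    return "1" * (len(raw) - len(raw.lstrip(b"\x00"))) + out

def b58check_decode(addr: str):
    """Return the payload, or None if a character or the checksum is bad."""
    n = 0
    for ch in addr:
        idx = B58.find(ch)
        if idx < 0:
            return None
        n = n * 58 + idx
    pad = len(addr) - len(addr.lstrip("1"))
    raw = b"\x00" * pad + n.to_bytes((n.bit_length() + 7) // 8, "big")
    if len(raw) < 5 or _checksum(raw[:-4]) != raw[-4:]:
        return None
    return raw[:-4]

def is_tron_address(addr: str) -> bool:
    # TRON mainnet: 0x41 prefix byte + 20-byte account hash
    payload = b58check_decode(addr)
    return payload is not None and len(payload) == 21 and payload[0] == 0x41

def verify_displayed(intended: str, displayed: str) -> str:
    """Compare what you meant to send with what the chat shows afterwards."""
    intended, displayed = intended.strip(), displayed.strip()
    if not is_tron_address(intended):
        return "intended-invalid"
    if not is_tron_address(displayed):
        return "displayed-invalid"  # typo or truncation
    return "match" if intended == displayed else "substituted"

# Constructed sample addresses (dummy bytes, not real accounts)
MINE = b58check_encode(b"\x41" + bytes(range(20)))
OTHER = b58check_encode(b"\x41" + bytes(range(20, 40)))
TYPO = MINE[:-1] + ("a" if MINE[-1] != "a" else "b")
```

`verify_displayed(MINE, OTHER)` reports a substitution even though both strings are well-formed addresses, while `TYPO` is rejected by the checksum alone.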



Regularly check the devices logged in to Telegram

Periodically check the IP addresses of the devices logged in to your Telegram account, and force any device with an abnormal IP address offline.




Do not share your phone number when you add contacts

Telegram has only the concept of Contacts, not Friends. When you add or delete a contact, your account is not removed from his/her contact list. When you add a contact, you can uncheck the Share My Phone Number option, which is checked by default.


Hide your phone number and restrict who can add you to groups

You can hide your phone number, status, profile and forwarded messages under Settings > Privacy and Security. You can also set your account so that people who are not in your contact list cannot add you to a group, which reduces the risk of being cheated. Also, do not use the “Add People Nearby” function.




Channel Verification function on Beosin website

To help you avoid scams in which scammers pretend to be Beosin employees, Beosin has added a Channel Verification function to our website.



You can enter the relevant information of the Beosin employee who is trying to contact you. If the information passes verification, the employee is official and the contact is safe.



If not, the person is probably a scammer pretending to be a Beosin employee. You should be careful and avoid being scammed.



That’s all for today's security sharing. See you in the next session!


Beosin is a leading global blockchain security company co-founded by several professors from world-renowned universities, with 40+ PhDs on the team. It has offices in Singapore, Korea, Japan and 10+ other countries. With the mission of "Securing Blockchain Ecosystem", Beosin provides an "All-in-one" blockchain security solution covering Smart Contract Audit, Risk Monitoring & Alert, KYT/AML, and Crypto Tracing. Beosin has already audited more than 3000 smart contracts and protected more than $500 billion in client funds. You are welcome to contact us by visiting the links below.



Contact

If you need any blockchain security services, please contact us:

Official Twitter Alert Telegram LinkedIn

