Guardio, a cybersecurity startup, has recently brought to light the fact that the popular messaging app, Telegram, is breeding ground for scammers to buy and sell harmful phishing kits. With over one billion downloads and 700 million monthly users, the app has become a prime target for cyber criminals looking to exploit its user base. The ease of access and cheap prices of many phishing tools make Telegram an attractive platform for scammers to operate.
The report by Guardio reveals alarming insights into the prevalence of phishing kits on Telegram that can easily hack users’ social media and bank accounts logins. This growing trend is fueled by the existence of numerous phishing groups on Telegram, where scammers share data and use phishing tools for hacking and phishing.
While Telegram’s terms of service explicitly prohibit the sending of spam or scamming users, it has not taken effective action against these scammers, allowing them to operate with impunity. The CEO of Telegram, Pavel Durov, asserts that the company does remove millions of harmful content from its app and website; however, the surging presence of cybercriminals on Telegram seems to contradict this claim.
The allure of Telegram lies in the availability of a wide range of phishing tools and products that are sold at affordable prices to make such scams accessible to all kinds of criminals, seasoned or new. Some of the expensive phishing tools available on Telegram allow scammers to create fake pages that can easily bypass two-factor authentication (2FA). In addition, there are bots on Telegram that run cryptocurrency giveaways, where buyers can opt for different types of illegal Tesla and Space-X-themed products.
Moreover, a terminoligy called ‘web shells’ is popular among scammers who use them to create websites with phishing materials on WordPress by a backdoor script. For instance, a scammer was selling 50 shells for $20 worth of Bitcoin, and many clients were placing orders through Telegram messages. The problem is further compounded by the sale of social media accounts, credit cards, and bank account logins by cybercriminals, some of whom use verified blue ticks to appear trustworthy.
Nevertheless, Telegram’s inaction in addressing these issues may have far-reaching consequences. For instance, in 2022, a Telegram scammer reportedly stole $6.5 million from unsuspecting users by luring them into divulging their personal information. This incident raises concerns about the lack of effective measures to combat fraudulent activities on the platform and protect users from falling victim to such scams.
The widespread presence of cyber scammers on Telegram reflects an urgent need for the company to step up its security measures and enforcement actions. This is essential to ensure the safety and protection of the large user base that relies on Telegram for communication. As the popularity of the app continues to grow, the risk of malicious activities also increases. Therefore, Telegram must take swift and decisive action to address these concerns and create a secure online environment for its users. Failure to do so will only expose more users to potential harm and financial losses at the hands of cyber criminals.