Phishing Attack on Telegram: My Experience and Countermeasures
Hello everyone! Recently, a phishing campaign swept through Telegram, leading to many users losing access to their accounts. Coincidentally, I received one of these phishing links from a compromised account and decided to investigate how it works.
🔍 How the Attack Works:
- Telegram's link embedding feature makes URLs appear legitimate, especially on smartphones where the real link isn’t easily visible.
- Clicking the link redirects you to a site asking you to scan a QR code or enter the code from an SMS.
- Scanning the code links your account to the attacker’s device.
The phishing site was professionally crafted, interacted with the Telegram API, and looked convincing. Only a careful examination of the link reveals its fraudulent nature.
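The "careful examination of the link" can be automated on the receiving side. The following is an added example, not code from the original post: it assumes a message represented the way the Telegram Bot API delivers it (text plus `text_link` entities whose offsets count UTF-16 code units), and flags embedded links whose visible label names one host while the real URL points to another. The function names and the sample message are constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Visible text that itself looks like a domain or URL (e.g. "telegram.org/contest").
DOMAIN_LIKE = re.compile(r"^(?:https?://)?((?:[a-z0-9-]+\.)+[a-z]{2,})(?:[/:?#]|$)", re.I)

def utf16_slice(text, offset, length):
    """Entity offsets count UTF-16 code units, so emoji shift naive str indexes."""
    raw = text.encode("utf-16-le")
    return raw[offset * 2:(offset + length) * 2].decode("utf-16-le")

def host_of(url):
    """Lower-cased hostname of a URL, tolerating a missing scheme."""
    if "://" not in url:
        url = "http://" + url
    return (urlsplit(url).hostname or "").lower().rstrip(".")

def same_site(shown, real):
    """True when the real host is the shown host or a subdomain of it."""
    return real == shown or real.endswith("." + shown)

def find_masked_links(text, entities):
    """Return (visible_label, real_url) for text_link entities whose label names a different host."""
    findings = []
    for ent in entities:
        if ent.get("type") != "text_link":
            continue
        label = utf16_slice(text, ent["offset"], ent["length"]).strip()
        match = DOMAIN_LIKE.match(label)
        if not match:
            continue  # plain-word label ("click here"): no host to compare against
        shown, real = match.group(1).lower(), host_of(ent["url"])
        if not same_site(shown, real):
            findings.append((label, ent["url"]))
    return findings

# Constructed sample message (not taken from the campaign described above).
SAMPLE_TEXT = "🔥 Vote for me: telegram.org/contest and docs at core.telegram.org"
SAMPLE_ENTITIES = [
    {"type": "text_link", "offset": 16, "length": 20, "url": "https://login-portal.example/qr"},
    {"type": "text_link", "offset": 49, "length": 17, "url": "https://core.telegram.org/"},
]

if __name__ == "__main__":
    for label, url in find_masked_links(SAMPLE_TEXT, SAMPLE_ENTITIES):
        print(f"label shows {label!r} but opens {url}")
```

A label made of ordinary words gives the check nothing to compare, so those links still need the manual look at the real URL before opening.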
⚠️ What Are the Risks?
- Losing access to your account.
- Your account being used for blackmail, spam, or other malicious activities.
🚨 What I Did:
- Used Whois to find the domain registrars’ contact information.
- Submitted detailed complaints to the registrars.
I hope these domains get blocked, saving at least some accounts from being compromised.
🛡️ My Advice:
Be vigilant! Never click on suspicious links, even if they appear “legitimate” and come from a familiar account.