Phishing Attack on Telegram: My Experience and Countermeasures

Hello everyone! Recently, a phishing campaign swept through Telegram, leading to many users losing access to their accounts. Coincidentally, I received one of these phishing links from a compromised account and decided to investigate how it works.
[Screenshot: Telegram phishing message]

🔍 How the Attack Works:

  • Telegram's link embedding feature makes URLs appear legitimate, especially on smartphones where the real link isn’t easily visible.
    [Screenshot: Telegram phishing link]
  • Clicking the link takes you to a site that asks you to scan a QR code or enter the login code sent to you by SMS.
    [Screenshot: Telegram phishing QR code]
    [Screenshot: Telegram phishing phone code prompt]
  • Scanning the QR code links your account to the attacker’s device, giving them a logged-in session.
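The first bullet is the part a defender can check mechanically: Telegram delivers an embedded link as a `text_link` entity whose visible text can say one domain while its `url` field points at another. The script below is an added example (not code from the original post) that audits a message in the Telegram Bot API shape (`text` plus `entities` with `offset`/`length` counted in UTF-16 code units) and flags any embedded link whose displayed text looks like a URL but resolves to a different host. The sample message and its domains are constructed placeholders modelled on the lure described above.

```python
"""Flag Telegram text_link entities whose shown text and real URL disagree.

Added example, not from the original post. Assumes the Telegram Bot API
message shape: {"text": ..., "entities": [{"type": "text_link",
"offset": ..., "length": ..., "url": ...}]}, with offset and length
counted in UTF-16 code units (so an emoji counts as two units).
"""
import re
from urllib.parse import urlparse

# Loose "this looks like a URL or bare domain" matcher for the displayed text.
LOOKS_LIKE_URL = re.compile(r"^(?:https?://)?[\w.-]+\.[a-z]{2,}(?:[/?#]\S*)?$", re.I)


def utf16_len(s: str) -> int:
    """Length in UTF-16 code units, which is how Telegram counts entity offsets."""
    return len(s.encode("utf-16-le")) // 2


def entity_text(text: str, offset: int, length: int) -> str:
    """Slice out the entity's displayed text using UTF-16 code-unit offsets."""
    units = text.encode("utf-16-le")
    return units[offset * 2:(offset + length) * 2].decode("utf-16-le")


def host_of(url: str) -> str:
    """Lower-cased hostname; a bare 'example.com/path' is accepted as well."""
    if "://" not in url:
        url = "http://" + url
    return (urlparse(url).hostname or "").lower().removeprefix("www.")


def make_message(parts):
    """Build a constructed message from (shown_text, url) pairs; url=None is plain text."""
    text, entities = "", []
    for shown, url in parts:
        if url is not None:
            entities.append({"type": "text_link", "offset": utf16_len(text),
                             "length": utf16_len(shown), "url": url})
        text += shown
    return {"text": text, "entities": entities}


def audit_links(message: dict) -> list:
    """Return one finding per text_link whose visible text looks like a URL
    but whose real target host differs from the host it displays."""
    findings = []
    text = message.get("text", "")
    for ent in message.get("entities", []):
        if ent.get("type") != "text_link":
            continue
        shown = entity_text(text, ent["offset"], ent["length"]).strip()
        actual_host = host_of(ent["url"])
        if LOOKS_LIKE_URL.match(shown) and host_of(shown) != actual_host:
            findings.append({"shown": shown, "shown_host": host_of(shown),
                             "actual": ent["url"], "actual_host": actual_host})
    return findings


# Constructed sample resembling the lure in the post; domains are placeholders.
SAMPLE_MESSAGE = make_message([
    ("🔍 Your account will be restricted. Verify here: ", None),
    ("telegram.org/verify", "https://telegram-verify.example/login"),
    (" or read the rules at ", None),
    ("t.me/telegram", "https://t.me/telegram"),
])

if __name__ == "__main__":
    for f in audit_links(SAMPLE_MESSAGE):
        print(f"MISMATCH: shows {f['shown']!r} but opens {f['actual']!r}")
```

The same check applies to any message export or bot update you already have on hand; the only Telegram-specific detail worth remembering is that the offsets are UTF-16 units, which is why the slicing goes through `utf-16-le` rather than plain Python string indexing.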

The phishing site was professionally crafted, interacted with the Telegram API, and looked convincing. Only a careful examination of the link reveals its fraudulent nature.

[Screenshot: Telegram phishing site websocket traffic]

⚠️ What Are the Risks?

  • Losing access to your account.
  • Your account being used for blackmail, spam, or other malicious activities.

🚨 What I Did:

  • Used WHOIS to find the domain registrars’ contact information.
    [Screenshot: Telegram phishing WHOIS lookup]
  • Submitted detailed complaints to the registrars.
    [Screenshot: Telegram phishing WHOIS lookup]

I hope these domains get blocked, saving at least some accounts from being compromised.

🛡️ My Advice:

Be vigilant! Never click on suspicious links, even if they appear “legitimate” and come from a familiar account.