<p>How to Avoid Telegram Scams?</p><p>Recently, Telegram, a cross-platform instant messaging (IM) application, has seen a spate of account thefts through illegal means and hackers used these compromised accounts to commit fraud.</p><p>In response to recent Telegram account thefts, Beosin&#39;s security research department lists Telegram&#39;s common scams and shares guidance on how to avoid them.</p><p>Telegram Scams</p><h2 id="header-0">Obtain your phone screens with the Telegram Login code</h2><p>Recently, there is a relatively new type of scam, where scammers pretend to be friends and take screenshots of Telegram chats for various reasons. It seems that there is no danger, but at the moment, scammers are trying to log in to Telegram using your mobile phone number. When a screenshot is sent with a login code, it will be used by scammers to successfully log into your Telegram account. Details of the scam process are as follows:</p><p>1. get the phone number for your Telegram account.</p><p>If your Telegram account is set to be visible to anyone, your phone number will be seen by anyone including scammers, or they will first get your friend&#39;s account and then look up your phone number.</p><p>2. Cheat the login code.</p><p>Scammers always tell you that there is a problem with your account and cheat your screenshots. Meanwhile, they try to log in your account by entering your phone number on a new device.</p><p>Take the following verbal tricks for example:</p><p>(1) There are two identical contacts in the interface: when an encrypted chat is created for a contact, two identical contacts appear in the chat list. The encrypted chat communication shown below has a lock icon in front of the name.</p><p><img src="https://wdcdn.qpic.cn/MTY4ODg1NjUzMDQ2MzM5NQ_679902_O_zVzrzeQZpKkFSM_1676251461?w&#61;755&amp;h&#61;1019" /></p><p>(2) Need friends to help unlock his/her account: Scammers will say that his/her account was officially restricted and need friends to send a verification code to help unlock his/her account.</p><p><img src="https://wdcdn.qpic.cn/MTY4ODg1NjUzMDQ2MzM5NQ_653124_cJt-fBB5kO66Rr-e_1676251481?w&#61;498&amp;h&#61;503" /></p><p>3. log in to your account to continue the fraud</p><p>When you inadvertently send screenshots with a login code to scammers, if your account does not open two-factor authentication, scammers can use the login code to log into your account. Then scammers will delete all the devices, change the password, and then continue to cheat other people in your contact list.</p><p><img src="https://wdcdn.qpic.cn/MTY4ODg1NjUzMDQ2MzM5NQ_997546_R0w6Eu8_imaq47lh_1676251507?w&#61;475&amp;h&#61;368" /></p><h2 id="header-1">Scam messages sent by fake Telegram Official account</h2><p>Scammers will pretend to be TG&#39;s official account to send you a message which claims that your TG account violates the usage rules and will be restricted. You need to access a website that they provide for you. If you click the phishing link, your account will probably be compromised.</p><p><img src="https://wdcdn.qpic.cn/MTY4ODg1NjUzMDQ2MzM5NQ_41996_-RbC-6ks8VBXx1XP_1676251526?w&#61;815&amp;h&#61;458" /></p><h2 id="header-2">Third-party applications with a backdoor</h2><p>Since there is no Chinese version installation package, users often use search engines to find a Chinese one. Thus, scammers use SEO optimization to direct their Telegram download site and induce users to download their malicious applications.</p><p><img src="https://wdcdn.qpic.cn/MTY4ODg1NjUzMDQ2MzM5NQ_274119_TSjFYrSezU0YwbWr_1676251542?w&#61;737&amp;h&#61;720" /></p><p>When users download TG with a backdoor, their chats will be scanned. If there is any crypto wallet address in the chats, the address will be replaced by the scammers’ address and users are cheated to transfer their funds to scammers.</p><p>In this example, a user downloaded a Chinese-version telegram client on the website http://www.telegram-china.org (right now unaccessible) and sent a trx address:</p><p><img src="https://wdcdn.qpic.cn/MTY4ODg1NjUzMDQ2MzM5NQ_514754_PzP2RxdqMCahFn0a_1676251555?w&#61;492&amp;h&#61;310" /></p><p>At that time, the address was TNpEa9PoqWsoPcTdTqUUdrYJbqhVLoSVFh. Then it was replaced by another address when the app was reopened.</p><p><img src="https://wdcdn.qpic.cn/MTY4ODg1NjUzMDQ2MzM5NQ_488180_-n7-TO_RncWyzmie_1676251609?w&#61;494&amp;h&#61;304" /></p><h2 id="header-3">Malicious Telegram Chinese language packs</h2><p>A telegram channel(https://t.me/zh_CN_Telegram_zh_CN_CN_zh_ch_zn) was reported to be a fake channel. The official channel for Chinese language packs is <a href="https://t.me/zh_CN" rel="noopener noreferrer nofollow">https://t.me/zh_CN</a> which stops updating because of a lack of developer support. The fake channel had almost 800000 subscribers when it was found a scam that offered a Chinese language pack with a backdoor.</p><p><img src="https://wdcdn.qpic.cn/MTY4ODg1NjUzMDQ2MzM5NQ_509794_4akj1obDq_oAdg3M_1676251638?w&#61;812&amp;h&#61;622" /></p><p>Our security experts have analyzed the language pack file and found that it would escape the detection of security software and avoid analysis of the sandbox by detecting the movement of the mouse.</p><h2 id="header-4">Telegram bot to cheat your password</h2><p>Foreign security researchers have found that some criminal organizations use Telegram bots to steal users&#39; OTP tokens and SMS authentication codes to complete 2FA (two-factor authentication). The attackers use Telegram bots to access account information, including calling victims, and impersonating banks and legitimate services. Through social engineering, the attackers also trick people into providing them with OTP or other authentication codes via mobile devices. Then, the scammers use the codes to defraud users of their money, passwords, session cookies, login credentials, and credit card details.</p><p><img src="https://wdcdn.qpic.cn/MTY4ODg1NjUzMDQ2MzM5NQ_723521_LbnTdM2vmRbI8-oG_1676251653?w&#61;389&amp;h&#61;800" /></p><h2 id="header-5">Crypto Scams</h2><p>scammers pretend to be cryptocurrency experts on Telegram to promote promises of a good return on investment in cryptocurrency. Scammers will either comment on Twitter or contact you directly on Telegram, claiming to be able to provide you with a high return on your investment.</p><p>If you believe their verbal tricks, scammers will ask you to open an account on their special cryptocurrency exchange. At that point, they&#39;ll show you a chart showing that your investment is increasing, but when you try to withdraw your funds, scammers will disappear with your funds.</p><p>Beosin Security Advice</p><p>We pose the following advice to help users avoid scams and loss on Telegram.</p><h2 id="header-6">Open two-factor authentication</h2><p>For your account safety, you are encouraged to set your password for two-factor authentication. This password is only required when your account tries to log in a new Telegram client.</p><p>Open Setting &gt; Privacy and Security &gt; Two-step Verification and set your password. You are also encouraged to set your recovery email in case that you forget your password.</p><p><img src="https://wdcdn.qpic.cn/MTY4ODg1NjUzMDQ2MzM5NQ_872087_bFZPytexZTdpMM2E_1676251668?w&#61;425&amp;h&#61;315" /></p><h2 id="header-7">Be careful to use a third-party client</h2><p>Check the way you downloaded the Telegram client. If you downloaded TG by using an installation package that was found on some websites, please uninstall it and reinstall TG by downloading the package on TG&#39;s official website. The third-party clients probably can control your account, read your entire chats and collect your device information. Thus, please download TG on its official website for safety.</p><h2 id="header-8">Do not send your personal information to Telegram bots</h2><p>Use Telegram bots with caution and do not disclose personal data, including names, user names, phone numbers, e-mail addresses, passwords, or any information that can be used to identify you.</p><h2 id="header-9">Be careful when you receive DMs from strangers</h2><p>Do not easily believe strangers&#39; DMs to avoid financial loss or information disclosure. If disturbed, you can choose to block them. When you receive unfamiliar files and links, do not click them without further careful checking.</p><h2 id="header-10">Check wallet address</h2><p>If you want to send the wallet address to someone, check the address with multiple verifications. It is better to take a screenshot of the wallet QR code and send the screenshot to others.</p><h2 id="header-11">Regularly check the devices that log in Telegram</h2><p>Check the status of devices’ IP addresses which log in Telegram periodically, and force the devices with abnormal IPs to be offline.</p><p><img src="https://wdcdn.qpic.cn/MTY4ODg1NjUzMDQ2MzM5NQ_219511_JKB3WzUuzMm4FpDH_1676251682?w&#61;1080&amp;h&#61;1436" /></p><h2 id="header-12">Do not share your phone number when you add contacts</h2><p>There is only a concept of Contacts instead of Friends on Telegram. When you add or delete some contact, your account will not be removed from his/her contact list. When you add a contact, you can uncheck the Share My Phone Number option which is checked by default.</p><p><img src="https://wdcdn.qpic.cn/MTY4ODg1NjUzMDQ2MzM5NQ_895585_9vQZZxy74fk-uSjZ_1676251702?w&#61;382&amp;h&#61;546" /></p><h2 id="header-13">Hide your phone number and add restrictions on joining groups</h2><p>You can hide your phone number, status, profile, and forwarded messages if you go to Setting &gt; Privacy and Security. You can set that you can not be added to a group if the adder is not in your contact list to reduce the risks of being cheated. Also, do not use the function “Add People Nearby”.</p><p><img src="https://wdcdn.qpic.cn/MTY4ODg1NjUzMDQ2MzM5NQ_781933_xD9BZN0a6x-TPBZj_1676251713?w&#61;386&amp;h&#61;376" /></p><p>Channel Verification function on the Beosin website</p><p>To avoid scams where scammers try to pretend to be Beosin employees, Beosin has added a Channel Verification function on our website.</p><p><img src="https://wdcdn.qpic.cn/MTY4ODg1NjUzMDQ2MzM5NQ_961256_dzHBFh8sheJlK8KF_1676251726?w&#61;1080&amp;h&#61;515" /></p><p>You can input the related information of the Beosin employees who try to contact you. If the information passes the verification, the employees are official and the contact is safe.</p><p><img src="https://wdcdn.qpic.cn/MTY4ODg1NjUzMDQ2MzM5NQ_781099_9nhisi2jAOTmD8jw_1676251733?w&#61;867&amp;h&#61;572" /></p><p>If not, the employees are probably scammers who pretend to be Beosin employees. You should be careful and avoid scams.</p><p><img src="https://wdcdn.qpic.cn/MTY4ODg1NjUzMDQ2MzM5NQ_507598_11xmBvvaBPyMjew7_1676251739?w&#61;955&amp;h&#61;639" /></p><p>That’s our sharing on security today and see you in the next sharing session!</p><p>Beosin is a leading global blockchain security company co-founded by several professors from world-renowned universities and there are 40&#43; PhDs on the team. It has offices in Singapore, Korea, Japan and other 10&#43; countries. With the mission of &#34;Securing Blockchain Ecosystem&#34;, Beosin provides &#34;All-in-one&#34; blockchain security solution covering Smart Contract Audit, Risk Monitoring &amp; Alert, KYT/AML, and Crypto Tracing. Beosin has already audited more than 3000 smart contracts and protected more than $500 billion funds of our clients. You are welcome to contact us by visiting the links below.</p><p>Contact</p><p>If you have need any blockchain security services, please contact us:</p><p><a href="https://beosin.com/" rel="noopener noreferrer nofollow">Beosin Smart Contract Security Audit Service | Code Review and Report</a> Beosin Smart Contract Security Audit Service | Code Review and Report <a href="https://twitter.com/Beosin_com" rel="noopener noreferrer nofollow">Official Twitter</a> <a href="https://twitter.com/BeosinAlert" rel="noopener noreferrer nofollow">Alert</a> <a href="https://t.me/beosin" rel="noopener noreferrer nofollow">Telegram</a> <a href="https://www.linkedin.com/company/beosin" rel="noopener noreferrer nofollow">LinkedIn</a></p>

How to Avoid Telegram Scams?

Spis treści

Beosin

Inne artykuły opublikowane 13 lut 2023

SafePal x ApolloX DeFi Fireside Chat Recap - Feb. 9, 2023

Community Asks: What are the Pros and Cons of a Pirate in Cryptopia?

Should Cardano (ADA) Add KYC? Charles Hoskinson Weighs In

Mississippi Senate Passes Bill To Protect Cryptocurrency Miners from Discrimination

Coinplug joins NCP as WONDER 10

4 RED HOT Crypto Metaverse Games

Zapisz się na bezpłatny newsletter i otrzymuj codzień aktualności ze świata kryptowalut!