Telegram users have recently encountered several account hijacking scams. They usually start with a message from a contact containing a link to a website. The message invites you to take part in a survey or sweepstakes, to receive a gift such as access to the paid version of the app (Telegram Premium), to sign a group petition, or something similar.
All of these variants have one thing in common: you are asked to authenticate via Telegram, either by entering your phone number and the verification code sent to you, or by scanning a QR (Quick Response) code. This is exactly what you should not do, or you may lose your account.
How are Telegram accounts hacked?
Of course, there are no contests, no petitions and no giveaways. Most importantly, the message with the link was not written by your friend, but by a hacker who could have hijacked your friend's account in the same way.
Cybercriminals often use URL shorteners to build the link they send you. These tools are typically used when the sender does not want to reveal the real address of the website. Even worse, shortened links are difficult for anti-phishing tools to detect.
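A defender can triage links in incoming messages before anyone opens them. The sketch below is an added example, not part of the original article: it flags shortened links whose destination is hidden and links that use Telegram branding on a host Telegram does not operate. The shortener list, the official-domain list and the sample messages are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Assumption: a short sample of common shortener hosts; extend it for your environment.
SHORTENERS = {"bit.ly", "tinyurl.com", "t.co", "is.gd", "cutt.ly"}
# Assumption: domains operated by Telegram that legitimately show its login screen.
OFFICIAL = {"telegram.org", "t.me"}
URL_RE = re.compile(r"https?://[^\s<>\"']+", re.IGNORECASE)

def host_of(url):
    """Return the host a browser would contact, ignoring any user@ prefix."""
    try:
        return (urlsplit(url).hostname or "").rstrip(".").lower()
    except ValueError:  # malformed URL, e.g. unbalanced IPv6 brackets
        return ""

def is_official(host):
    # Exact domain or a true subdomain only; a substring test would accept
    # "telegram.org.premium-gift.example".
    return any(host == d or host.endswith("." + d) for d in OFFICIAL)

def triage(message):
    """Classify every link in a chat message as official/shortened/lookalike/unknown."""
    results = []
    for raw in URL_RE.findall(message):
        url = raw.rstrip(".,;:!?)")
        host = host_of(url)
        if is_official(host):
            verdict = "official"
        elif host in SHORTENERS:
            verdict = "shortened"   # destination hidden: expand before trusting
        elif "telegram" in url.lower():
            verdict = "lookalike"   # Telegram branding on a non-Telegram host
        else:
            verdict = "unknown"
        results.append((host, verdict))
    return results

# Constructed sample messages (not real indicators).
SAMPLES = [
    "Please vote for my niece! https://bit.ly/3xAMPLE",
    "Free Premium: https://telegram.org.premium-gift.example/login",
    "Sign here https://telegram.org@signin.example/petition",
    "Web client: https://web.telegram.org/k/",
]

if __name__ == "__main__":
    for msg in SAMPLES:
        print(triage(msg))
```

A "shortened" or "lookalike" verdict on a link that leads to a Telegram login screen is the pattern described here; "unknown" is not a clean bill of health, only the absence of these two signals.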
The site's design is usually very simple. The first page shows a message such as "Register and vote" or "Access the free trial of Telegram Premium", depending on the scheme, followed by a Telegram login screen. There are two login methods. First, users who open the site from the desktop version are offered a QR code login. Second, mobile app users are asked to enter their country and phone number.
If you enter your phone number, the hacking script tries to log into your Telegram account from a new device. The app's security mechanism then sends a verification code to your phone or computer. If you enter this code on the hacker's website, the attackers gain full control of your account and can connect it to another device.
It is even easier with a QR code, because no verification code is involved at all. The QR code is not for logging in on your phone; it is a code that unlocks your account on a new device or opens a new web session. If you scan that code as instructed, the attacker is automatically logged into your account and takes control of it.
Why do cybercriminals want your Telegram account?
Your hacked account can be used in different ways. The most obvious is to send more malicious links to your contacts, but there are other uses as well.
First of all, your account is full of data that could be used for other criminal activities. Through the desktop version of Telegram, hackers can extract your contact list, personal information, chat history, and files you have downloaded and received, which may contain sensitive information. For example, some people save scanned documents to their favorites list for easy access. After some time, the hacker may also contact you and offer to return your account for a fee.
How do you protect your account?
The first and most important piece of advice from the security experts at Kaspersky is not to click on any suspicious links, and never to enter the verification code sent by Telegram anywhere other than in the Telegram app itself.
To make your account harder to hack, Kaspersky experts recommend enabling 2FA (two-factor authentication) in Telegram. It adds another layer of protection against login attempts from other devices.
To enable two-factor authentication in the Telegram app, follow these steps:
- Open the Telegram app on your phone.
- Tap the options menu with three horizontal lines in the upper left corner.
- Tap Settings.
- Tap Privacy and Security.
- Tap Two-Step Verification and follow the on-screen steps to enable it.
What should you do if your account is hacked?
If you have been tricked into entering a verification code on a fake website, you can take back control of your account by acting quickly and logging out all devices that have access to it. Follow these steps:
- Go to Settings in the Telegram app.
- Click on the Hardware option.
- Click the "End all other sessions" option to sign out of all devices that have access to your account.