Skip to main content

Telegram Takeover

Telegram thumbnail

5 AUG 2022

BACKGROUND

An increasing number of local Telegram users have reported to BruCERT since April this year that their accounts had been hacked or taken over. It is suspected that the number of unreported cases could be much higher.

 

MODUS OPERANDI

  • The user receives a message from Telegram containing a 5-digit login code as a result of the scammer trying to register the user’s phone number.
  • At the same time, either by using their own Telegram account or posing as someone from your contact list whose account has already been hijacked, the scammer requests a screenshot of the user’s Telegram chats, which will also capture the login code from Telegram.
  • The scammer avoids asking for the login code to be forwarded to them directly and most users unknowingly share this with the scammer thinking there is no harm in doing so. After providing the screenshot to the scammer, the user’s Telegram account will be hijacked.
  • The scammer will then masquerade as the user of the hijacked account and will use various pretexts to request money from the user’s contact list to be transferred to a specific local bank account number.

 

IMPACT

The user loses access to their Telegram account, and the scammer can send messages to the user’s contact list while impersonating them.

 

PRECAUTIONS

  • Never share your Telegram verification or login code or any confidential information with anyone, even if the message appears to be from your trusted contact or Telegram itself.
  • Beware of unusual requests received over Telegram or other messaging apps. Call that person to double check if they had indeed sent the message, especially if the message is out of character.
  • Turn off notification preview for SMS. Anyone who can see the verification code on your phone can easily hijack your account.
  • Enable "Two-Step Verification" for your Telegram account.
    Go to Settings > Privacy and Security > Enable Two-Step Verification
  • Log out of Telegram Web/Desktop when you finish using it.

 

RECOMMENDATIONS

How to detect if your Telegram is hacked:

  • Your Telegram account has logged out automatically from your device.
  • You notice unusual activities on your account such as sending messages, stickers, or joining unfamiliar group chats.
  • Check which devices are logged into your account.
    • iOS: Settings > Devices
    • Android: Settings > Privacy and Security > Active Sessions


If your Telegram account has been hijacked:

  • Inform your family and friends that your account has been hacked, and they should not respond to any Telegram messages that appear to be from you.
  • Warn others not to share their verification codes or any other confidential information.
  • Report to Telegram regarding your stolen account.
  • Report to the relevant law-enforcement agency and BruCERT.


How to delete a Telegram account:

  • In the Telegram application and desktop version, you can set your account to be automatically deleted if it has been inactive for a period of time such as 1 month, 3 months, 6 months or 1 year. You can also choose to delete the account immediately.


How to secure your Telegram account:

  • Use Two-Step Verification: Once enabled, you will need both an SMS code and a password to log in.
  • Make your phone number private: If any third party doesn’t know which phone number you are using on your account, it will be more difficult to breach your account privacy.
  • Secret Chats: Telegram secret chat uses end-to-end encryption so no one can see your conversion even if they have access to your account.