Advisory
19 JAN 2023
BACKGROUND
Telegram takeover involving a money transfer scam has been active in Brunei Darussalam since last year and a recent spike in this scam has been reported to BruCERT in the past month. This is a worrying trend as a growing number of individuals have fallen victim and transferred funds ranging from $200 to $1,000 to the scammers. It is suspected that the number of unreported cases is much higher.
The scam is initiated by hijacking a user’s Telegram account, then using the compromised account to request for money from people in the user’s contact list.
MODUS OPERANDI
- The scammer attempts to login to your Telegram account by using your phone number. This results in you unexpectedly receiving a message from Telegram containing a 5-digit login code.
- Either by using their own Telegram account or by posing as someone from your contact list whose account has already been hijacked, the scammer then requests a screenshot of your Telegram chats, which will also capture the 5-digit code from Telegram.
- The scammer avoids asking for the login code directly, so most users unknowingly share a screenshot with the scammer thinking there is no harm in doing so. The scammer then has access to the login code and can take over your Telegram account.
- By using your hijacked account, the scammer can then masquerade as you and will use various pretexts to request money from your contact list to be transferred to a specific local bank account number. The people who are contacted are likely to comply with the request because they think it’s from someone they know.
IMPACT
- The user loses access to their Telegram account, and the scammer can send messages to the user’s contact list while impersonating them.
- Possible financial loss
- Identity theft
PRECAUTIONS
- Never share your Telegram verification or login code or any confidential information with anyone, even if the request appears to be from someone you know or Telegram itself.
- Beware of unusual requests received over Telegram or other messaging apps. Call the sender to double check if they had indeed sent the message, especially if the message is out of character.
- Turn off notification preview for SMS. Anyone who can see the verification code on your phone can easily hijack your account.
- Enable "Two-Step Verification" for your Telegram account.
Go to Settings > Privacy and Security > Enable Two-Step Verification
- Log out of Telegram Web/Desktop when you finish using it.
RECOMMENDATIONS
How to detect if your Telegram is hacked:
- Your Telegram account has logged out automatically from your device.
- You notice unusual activities on your account such as sending messages, stickers, or joining unfamiliar group chats.
- Check which devices are logged into your account.
iOS: Settings > Devices
Android: Settings > Privacy and Security > Active Sessions
If your Telegram account has been hijacked:
- Inform your family and friends that your account has been hacked, and they should not respond to any Telegram messages that appear to be from you.
- Warn others not to share their verification codes or any other confidential information.
- Report to Telegram regarding your stolen account.
- Report to the relevant law-enforcement agency and BruCERT.
How to delete a Telegram account:
- In the Telegram application and desktop version, you can set your account to be automatically deleted if it has been inactive for a period of time such as 1 month, 3 months, 6 months or 1 year. You can also choose to delete the account immediately.
How to secure your Telegram account:
- Use Two-Step Verification: Once enabled, you will need both an SMS code and a password to log in.
- Make your phone number private: If any third party doesn’t know which phone number you are using on your account, it will be more difficult to breach your account privacy.
- Secret Chats: Telegram secret chat uses end-to-end encryption so no one can see your conversion even if they have access to your account.
References:
