Specialists from FACCT (formerly Group-IB in Russia) warnedthat Telegram users began to receive messages from the fake Telegram support service. Attackers scare victims by declaring that a deletion request has been submitted for their account.
When the user protests that they did not intend to delete the account, they are prompted to follow a link to cancel the procedure.
Advertisement
As a result, the real owner of the account ends up on a phishing resource, where in order to cancel the account deletion, he must enter the phone number associated with the account and the security code received from Telegram. The fake page's style follows the design of the messenger itself.
Having received the phone number and code linked to the account, the attackers intercept control of the account, gain access to archives, correspondence, and channel management if the victim was an administrator or owner of one of them.
Researchers note that the phishing site immediately checks the entered data: if you provide incorrect information, the page will report an error.
Advertisement
Links to resources for hijacking Telegram accounts are distributed through personal messages, therefore, experts write that hackers do not need a large number of phishing pages. One active resource and a backup domain are enough if the previous one is blocked.
FACCT reminds that third parties cannot request the deletion of someone else's Telegram account. This can only be done by the account owner himself in the messenger settings. You can delete your own account immediately or activate the deletion automatically after a specified period of inactivity.