
The dark underbelly of messengers: automated phishing, highly customised scams, and data for sale

5 April 2023

The activity of online scammers in Telegram has significantly increased, as they take advantage of the messenger's convenient functionality, according to Kaspersky experts. Phishers are skillfully using the messenger's capabilities to provide various services, from mass-scale automated creation of phishing pages to selling data stolen during a phishing attack. Kaspersky's new research provides a broad overview of the phishing market in Telegram.

Phishing bots. Automated, quick and easy.

One of the most significant aspects of this trend is the use of Telegram bots to automate illegal activities, such as creating phishing pages and collecting user data. While bots in Telegram help users and businesses automate many routine processes, attackers have found ways to use these bots to automate their malicious activities.

Creating fake websites in a Telegram bot is a free and easy process that usually consists of several steps. A beginner scammer subscribes to the bot creator's channel, selects the desired language, creates their own bot, and sends its token to the main bot. The new bot then receives data from users who followed phishing links and tried to log in to a fake site. Attackers can use this method to collect a wide range of data, including email addresses, phone numbers, account passwords, IP addresses, and the victim's country. These bots offer a variety of platforms to impersonate in a future phishing page, including messengers, social media, and popular brand websites.

Phishing-as-a-service. Exclusive, more targeted, more expensive.

In addition to free phishing kits and automated creation of phishing pages via Telegram bots, scammers offer paid goods and services under the phishing-as-a-service model. Attackers sell scam and phishing "VIP Pages": websites created from scratch with a wider range of features, or tools for generating such pages. These are no longer primitive copies of well-known brand websites, but more advanced, targeted scam resources. For example, a VIP Page may contain social engineering elements such as attractive design and promises of big wins, protection against detection, etc. The prices for such fake pages vary from US$10 to US$300.

Data for sale. No need to perform an attack, buy the data directly.

Bank account data obtained through phishing is also put up for sale. Unlike the free data discussed above, paid data is verified, right down to the amount in the user's account. For example, to access a bank account with a balance of US$1,400, buyers are asked to pay US$110, while the credentials for an account with a balance of US$49,000 were priced at US$700.

 

 

 


About Kaspersky

Kaspersky is a global cybersecurity and digital privacy company founded in 1997. With over a billion devices protected to date from emerging cyberthreats and targeted attacks, Kaspersky’s deep threat intelligence and security expertise is constantly transforming into innovative solutions and services to protect businesses, critical infrastructure, governments and consumers around the globe. The company’s comprehensive security portfolio includes leading endpoint protection, specialized security products and services, as well as Cyber Immune solutions to fight sophisticated and evolving digital threats. We help over 200,000 corporate clients protect what matters most to them. Learn more at www.kaspersky.com.
