An expert told about the schemes of fraudsters in Telegram

Fraudsters use various informational reasons to convince the victim to go to a phishing page on the Web, after which they steal Telegram accounts. For example, a user may receive a message offering to take an online vote, sign a petition or purchase a premium subscription, Alexander Vurasko, development director of Solar AURA, the Solar Group's center for monitoring external digital threats, told Izvestia on November 20.

At the same time, the expert noted that spikes in frauds using a scheme to steal messenger accounts using fake premium subscriptions have been observed since 2023.

"Attackers use a variety of informational pitfalls to convince the victim to go to a phishing page that will require them to enter their phone number, password and SMS code from their messenger account. Such pitfalls can be online voting, for example for a child's drawing, signing a petition, getting a premium subscription and many other informational occasions," Vurasko specified.

After gaining access to the victim's account, the scammers siphon off all relevant information, including correspondence, files, photos. They also send out a fan of messages asking to borrow money or links to the next phishing sites, the expert explained. He specified that the variability of such schemes is extremely high.

In order not to fall for the tricks of fraudsters, the center recommended not to provide personal data, including logins and passwords from social networks and messengers, two-factor authentication codes on suspicious and unofficial websites. In addition, it is not worth giving this information in a conversation with strangers. In addition, experts advised to use only official resources and check their exact address through a search engine, as well as to use anti-virus software for additional protection against malware and phishing attacks.

On November 17, Evgeny Pankov, project manager of the Coordination Center for .RU/.RF domains, told Izvestia that there has been a steady increase in phishing attacks conducted via messengers, especially Telegram and WhatsApp (owned by Meta, whose activities are banned in Russia). According to him, 2,374 domains imitating Telegram were blocked in Runet in the first 10 months of this year, which is 2.2 times higher than the same period last year. For the second messenger, the number of blocked domains increased more than five times - from 205 to 1,036.