Tricksters without borders: scammers have found new vulnerabilities in Telegram

Scammers have started creating chat rooms to spread phishing links and bypass Telegram's security features. This happened after a large-scale update of the messenger in early May, which introduced the ability to make group calls without adding interlocutors to the group. Experts called for treating group chats and group calls with increased caution.
What's going on with Telegram's security?
The main danger is that fraudsters can use the new Telegram functions for their schemes, said Pavel Kovalenko, director of the Anti-Fraud Center at Informzashita. He recalled that on May 1, the service introduced group calls, for which participants do not need to be in the same group. The ability to hide statistics about the interlocutor deprives the user of the chance to tell from the profile (for example, from a recent creation date, a strange country of registration, or an AI-generated avatar) that the account belongs to attackers.
"Criminals can use group calls for advanced fraudulent schemes using deepfakes. Last year, we recorded a 13% increase in the use of such technology by intruders. In the first four months of this year, compared to the same period in 2024, such crimes increased by about 25%. This is due to the fact that AI is becoming more widespread and user-friendly, and the quality of generated images and videos is becoming higher, which makes it more difficult to identify fraud," added Pavel Kovalenko.
According to the expert, Informzashita has recorded several cases where fraudsters send citizens links and QR codes to join a video call. In the conversation itself, the speaker is generated using artificial intelligence and is presented as, for example, an employee of an investment fund who shows users a profitable investment plan. Of course, there are no profitable investments; the attackers collect the victims' funds and disappear. They also use group calls for targeted phishing. They can create, for example, an AI copy of the head of a company and add employees to the calls in order to extract confidential information or identification data from them, or to steal funds.
GTSOLIFK IT expert Alexey Ermakov reports growth in cyber attacks through group calls. The main problem is the circumvention of anonymity restrictions: scammers create temporary chats, disguise themselves as legitimate organizations, and send phishing links, exploiting trust in group calls. Cases where criminals imitate messages "on behalf of the chat" are also becoming more frequent, which makes it more difficult to identify the source of the threat. In addition, attackers often lure victims into phishing chats under the pretext of "technical support," "practical jokes," or "exclusive offers." Through fake QR codes, instead of securely joining the call, the user lands on a fake website, where their personal data is stolen, including passwords for banking applications and accounts.
"Group calls and chats have become massively used by cybercriminals in order to circumvent Telegram's new security features. Let me remind you that the latest updates of the messenger have included the functionality of viewing general information about a new interlocutor, including the country and the date of his registration. This significantly reduced the scammers' ability to create an excuse to reach their victims. But, as it turned out, the inclusion of users in the chat allows you to bypass the Telegram restriction. Moreover, it increases the degree of anonymity, since a fraudster can write on behalf of a chat," concluded Igor Bederov, head of the Information and analytical research department at T.Hunter.
The expert noted that the messenger has not solved the problems of phishing through chatbots or of various forms of social engineering. The expansion of group call functionality also benefits scammers, who have begun using it to bypass an earlier Telegram security update: the notice that informs users of a new interlocutor's date and country of registration.
A new trend is "girls from China" who were allegedly given the wrong number. Scammers use this approach to ingratiate themselves, drawing the victim into a dialogue that is actively maintained for several days or weeks. Then, under the pretext of meeting during a trip to Russia, helping with purchases of various goods, or investments, they try to steal card data or funds using phishing payment forms, said Timofey Voronin, deputy director of the Center for Scientific Research and Technological Policy of Lomonosov Moscow State University.
Telegram is losing popularity
Currently, Telegram's main risks are related to vulnerabilities in its privacy policy and technical limitations. First of all, this is the lack of end-to-end encryption by default: only secret chats are protected by E2EE, while group and regular correspondence remain vulnerable to interception. The continued exploitation of the vulnerabilities of the messenger API, as well as the massive use of its ecosystem for crimes of various kinds, are of concern. At the same time, Telegram's cooperation with law enforcement agencies in a number of countries has not yet solved the problem of increased crime in the messenger, Igor Bederov noted.
"The probability of blocking Telegram in Russia remains moderate. The messenger has expanded its cooperation with the authorities of different countries, including Russia," he said.
According to Alexey Gorelkin, CEO of Phishman, the company sees attackers' interest in group calls as one element of an attack.
"This is a convenient mechanism to lure a potential victim into a trap in an unconventional way, since when added to such a video conference, people do not suspect that this is a malicious activity, and it is easier to trust criminals. The attackers were particularly interested in the possibility of broadcasting their screen during such calls, because it opens up a new scope for mass attacks and coordination of the actions of several victims," added Alexey Gorelkin.
The trend is confirmed by another IT specialist.
"Attackers massively add users to chats with malicious links. Psychology and social engineering skills work here in many ways, as scammers skillfully imitate notifications on behalf of chat administrators, which increases confidence in their messages," explained Alexey Ermakov.
According to Valeria Besedina, an analyst at the Positive Technologies research group, the scheme allows attackers to bypass checks by sending links to a group call. A similar scheme was noted in early May of this year, and it is associated with the use of the secret chat function: in this case, too, the user does not receive information about the sender's account. Attackers can thus mimic a contact the user considers "reliable," which may make it possible to deceive victims more effectively.
Valery Sidorenko, CEO of the Interium digital agency and head of the working group on developing an approach to regulating deepfakes of the Public Council under the Ministry of Digital Affairs of Russia, believes that Telegram is overheated: every tenth user is subscribed to more than 50 channels. Digital chaos kills the user's attention and drives him into addiction and depression, which scammers exploit, including in group calls.
"It turns out that Telegram is now not just a source of information exchange, but a source for brainwashing: scammers offer 'unique' investment schemes, 'earnings' on targeting, 'exclusive' courses, promise quick enrichment, and the list of their tools is expanding with each update," Valery Sidorenko summed up.
According to Evgeny Yanov, head of the audit and consulting department at F6, the functionality added to Telegram does not fundamentally change the need to follow the standard recommendations for configuring every available privacy setting. These recommendations include, among other things, limiting who can add the user to chats. With that restriction in place, an attacker who is not in the user's contacts and is not a Premium subscriber will not be able to do this.
Users are advised to check the sources of links, not to follow suspicious QR codes, and to restrict access to their data in the privacy settings, notes Kirill Kopytin, an IT expert at the Department of Esports at the Faculty of Gaming Industry and Esports at Synergy University.
Artezio has been conducting regular IT security research since 2018 and published a rating of the most secure messengers on May 6. For the first time, Telegram did not even get into the top ten due to significant changes in security policy in 2024, the expert recalled.