Kaspersky warns of phishing scams using Telegram Premium

Kaspersky has issued a warning regarding the proliferation of fake Telegram Premium offers designed to exploit users via phishing scams and malware.

The company notes that these fraudulent schemes involve the deployment of phishing attacks and malware, which appear as alternative app versions to deceive users into revealing account credentials or compromising their devices. The scams exploit the increased use of Telegram Premium and its gifting feature, with potential targets particularly during the holiday season when gifting is frequent.

Telegram Premium offers several exclusive features including faster download speeds, voice-to-text conversion, premium stickers, and an ad-free experience. Users have the option to gift subscriptions, a function which scammers are exploiting to mislead individuals.

The scams often begin with victims receiving a message that seems to originate from a contact whose account might have been hacked. The message claims, "You've been sent a gift — a Telegram Premium subscription". This is accompanied by a link that appears legitimate but leads to a phishing page, prompting users to log in to Telegram. Upon entering credentials, victims have their accounts compromised, allowing scammers access to login details and authentication codes.

Other variants of the scam do not necessarily start with messages on Telegram itself. Attackers are reported to employ emails, among other methods, to send phishing links.

An alternative scam involves fraudulent "giveaways" for Telegram Premium subscriptions, which lure victims into entering their account credentials on phishing sites, ultimately compromising their accounts.

Another tactic involves inviting victims to download a ZIP archive, which supposedly contains a version of the messenger service with a "Premium" subscription. The download link, however, redirects users to a phishing site.

Additionally, some scams distribute malware under the guise of alternative app versions, claiming to offer "built-in" Premium subscriptions, only for these downloads to result in malware installation.

Olga Svistunova, a security expert at Kaspersky, warns: "Phishing schemes capitalising on the Telegram Premium topic have been observed in several languages, suggesting that the perpetrators operate globally. Even if these scams haven't yet reached a specific region, there is a probability they could eventually make their way there. Therefore, during the holiday season, it's especially important to remain cautious and sceptical of offers that seem too good to be true. Additionally, make sure your Telegram security and privacy settings are up to date, and your device has a robust security solution."

To protect themselves, individuals are advised to double-check all links, including those embedded as hyperlinks. It's been observed that some seemingly legitimate hyperlinks redirect to different phishing pages. Users should verify suspicious gift links through an alternative communication channel. Purchases should be made through official channels, such as Telegram's dedicated bot for Premium subscriptions. Enabling two-factor authentication (2FA) is recommended, as it provides an additional layer of security even if primary account credentials are compromised. Finally, avoiding unofficial app versions is advised, as Kaspersky points out that these may contain malware.

This announcement is part of Kaspersky's ongoing effort in threat research, which seeks to provide valuable intelligence and robust security solutions to counter cyberthreats globally.