Anonymity How to secure your Telegram Account?

[Fixxx]

There is an opinion that Telegram is one of the most secure messengers...​

However, hackers have long learned to hack and steal accounts, gain access to personal messages and chat content.
We'll explain - how it happens, why someone would want to hack your Telegram account and how to protect yourself.

How accounts are stolen?​

To hack Telegram hackers can use a variety of methods: from social engineering to intercepting SMS codes and infecting with viruses. They come up with new schemes to deceive, extract passwords, exploit vulnerabilities in the application and take advantage of people's lack of knowledge about basic internet safety rules. Below I will examine these methods in more detail.

Phishing:

One of the simplest methods is phishing. Hackers send messages of various contents - for example, it may contain a "gift" in the form of a subscription to Telegram Premium. The recipient clicks the button to receive the gift and a verification code is sent to them supposedly to activate the subscription. After entering the numbers the scammers gain access to their account and send messages to the contact list on their behalf.

The most common type of Telegram account theft is not the interception of SMS codes but simple phishing. The victim receives a message, usually from a fake familiar account, with content like: "Please follow the link and vote for my niece in the kindergarten drawing contest https://.....". The victim clicks the link and is asked to log into Telegram supposedly to protect against fraudulent votes. The naive user enters their number, SMS code and cloud password. Using this information the fraudster restores the session and compromises the account. Typically, fraudsters promptly extract all data from the Telegram account (chats, files, media, etc). There have been cases where compromised accounts were used for further distribution to the victim's contacts. In such cases the phishing message has a higher level of trust as the account isn't fake.​

To achieve better results scammers use a more personalized approach to the victim rather than mass-sending the same text. Hackers pre-study available information about the person on the internet and use it during the conversation. Some use neural networks to create voice messages in the voice of the hacked account owner. Scammers also create chatbots that purportedly represent official brands, marketplaces or the Telegram administration.

The most recent case involved a scammer who knowing the full name and position of a company's manager created a fake Telegram account posing as the company's director then messaged an alleged employee and asked them to follow phishing links. If the person followed the link they would be instructed to perform actions that would result in losing access to their account or Telegram channel permanently.​

In the summer 2023 phishing emails were received more frequently by teachers and healthcare workers. Scammers registered an account subscribed using the name of the hospital's chief physician or school director and set their photo as the avatar. They then messaged organization employees, claiming that a curator from the relevant Ministry or law enforcement officer would contact them with questions. In most of cases the scammers were interested in the user's money rather than their accounts.

SMS Interception:

In 2019 the computer forensics laboratory Group-IB reported a series of Telegram hacks. The incidents occurred on iOS and Android devices regardless of the victim's mobile operator. In all cases the only authentication factor was SMS. Initially, the user received a message from the official Telegram channel with the login code. Then an SMS with the activation code arrived along with a notification of a successful login on a new device. Group-IB reported that hackers used mobile internet (possibly disposable SIM cards) to access the victim's account.

To intercept the SMS code a hacker connects to the SS7 network of any foreign operator. By sending the SRI4SM service command over the network channel (specifying the victim's number as a parameter) the hacker receives a response with technical information from the subscriber's home network allowing them to know what services and subscriptions the victim has. Next with this data the hacker only needs to register the victim's number in a fake VLR simulating that the subscriber is in roaming and has registered with a new network. After that the hacker can receive SMS messages sent to this subscriber.​

Hackers can carry out such attacks by gaining access to special equipment for intercepting SMS or using insider information from mobile operator employees. When hackers intercept the SMS code they use a fake cellular point and must physically be near the victim to force their device into a less secure 2G mode. Then encryption is disabled and the SMS code is intercepted. If your account is valuable to you it's advisable to register it only on the SIM card you physically have and prohibit the operator from reissuing the SIM card without your physical presence and a written statement.

Malware:

In a message a scammer can send a link, archive or file containing a hacking program. The victim clicks on the link or file and the login data is transmitted to the scammer. Additional challenges arise because many users use the automatic content download feature from received messages.

Vulnerabilities in the Application:

In the spring of 2022 several Telegram channels including thematic publics and media were hacked. Messages of the same content appeared in them. The media reported that the reason was the inclusion of Telegram bots, Crosser Bot and Controller Bot to which the hackers gained access. This isn't so much about Telegram vulnerabilities as it's about third-party services particularly those used by community administrators. While Telegram has its own bug bounty program and security team such services usually don't exist.

Why hackers want access to accounts?​

Hacking a Telegram account allows access to chats, channels and all media files in chats. There can be several reasons:

• Extorting money from the victim for the return of the account. If a hacker gains access to the account, kicks you out and changes the password they can blackmail by threatening to disclose confidential data.
• Gaining access to a large channel. By hacking an administrator's account of a large channel hackers can post any content, insert virus links or sell the channel.
• Obtaining confidential commercial or personal information for personal gain.
• Accessing contacts. This allows sending spam advertisements or emails on behalf of the victim requesting money transfers.

Hackers also make money by offering to hack an account for a certain fee. Such services can be ordered in the darknet.

 

[Fixxx]

Protection against Hacking​

First the user should enable two-factor authentication. It can be done in the profile settings.
To do this go to the "Privacy" tab, then select "Cloud Password" and set a strong password.

To protect your Telegram account from hacking it's recommended to enable two-factor authentication. The second factor in Telegram is implemented as a cloud password. That is, after entering the SMS code an additional password is required. It's important to use unique characters as a password which have not been used in other services. Since hackers can gather all passwords from leaks of various services. Most operators also offer the option to use an additional virtual number which should not be confused with eSIM. You can link a critical Telegram account to such a number in which case SMS codes will be sent not via cellular network but through the operator's application, increasing the security of the account.

In addition to two-factor authentication and a complex password, it's advisable to follow a number of precautions:

• Be skeptical of messages about winnings, gifts and lucrative offers (even from acquaintances).
• Don't click on suspicious links or open files.
• Update the application to the latest version in a timely manner.
• If you lose your phone contact your mobile operator and block the SIM card.
• Don't share your login and password with third parties.
• Regularly check active sessions and connected devices.

In all suspicious cases before taking any action make sure that the sender is who they claim to be. To verify this contact your acquaintance by calling them or using another messenger. Basic security measures must be observed. For example, the cloud password should not be stored in a text file on the computer and the account should be registered on a separate phone number that is not publicly known. Simple precautions will help you protect your account, nerves and money.

What to do if your account has been hacked?​

There are obvious signs that someone has accessed your account. Users note the following cases:

• Unable to log into the account.
• SMS codes for access are being sent to your phone.
• Being kicked out of the messenger.
• New subscriptions, missing chats or messages.
• Messages being sent and posts published on your behalf.

When a hacker logs into your account his device will appear in the list of connected devices. To check for suspicious logins to your Telegram account go to the profile settings. Then select "Privacy" and the "Active Sessions" tab. You will see a list of devices where the account has been accessed.

If you find suspicious devices the first thing to do is to end all other active sessions except your own. Telegram has a security mechanism that prevents the hacker from ending existing active sessions for 24 hours. Therefore, it's important to quickly detect the unwanted "guest" and close their access in time before they kick you out of the account. Check if you have enabled two-factor authentication. Create a new cloud password or change the old one. If you didn't detect the scammer in time they ended your session and changed the password, contact Telegram support. If you cannot recover the account and risk significant financial losses or reputational damage, you may delete your account by contacting the Telegram developer company. Deleting your account will result in losing all chats and their contents.

Conclusion​

Access to a Telegram account is an attractive target for hackers. Social engineering and phishing links are often used for hacking. To protect against hacking be sure to use two-factor authentication with a reliable cloud password. Also, remember the rules of digital hygiene - don't click on suspicious links and don't enter your cloud password and authorization code on any sites other than the official application. Users can check at any time in the settings if there are unauthorized connections to their account. If scammers are detected it's necessary to end all active sessions except your own and change the password.

 

[Fixxx]

Learn more about security in Telegram.