Phuong Anh (Hanoi) received a message from a friend on Telegram, warning her account was “at risk”. If not processed immediately, the system will be forced to cancel the account after 24 hours. The message was sent from a long-time friend, with a link with the word “telegram” and the same interface, making Phuong Anh not suspicious at all.
After entering the required phone number, a message containing the OTP code will be sent. When she was about to enter the OTP, she realized that the link contained a backwards character and had the .top extension instead of .org. At this point, she realized she had clicked on a fake website.
An impersonation page with an interface similar to Telegram. Photo: Luu Quy
What to do when you enter the wrong impersonation website?
The Anti-Fraud Project (CLD) said it has recorded a series of cases like Phuong Anh’s recently and this is typical of a scam campaign to take over Telegram accounts. In any situation, users need to get into the habit of looking carefully at links before clicking, especially links that require entering information. This action helps reduce the risk of being infected with malicious code or accidentally sending information to crooks.
According to CLD experts, most websites impersonate Telegram for the purpose of obtaining account login information. Therefore, if you just click but do not fill in the information, users do not need to worry too much. What you need to do is immediately close the web browser window and delete the link in your access history to avoid mistakenly accessing it next time.
In case both the phone number and OTP are entered, the thief can immediately access the user account. At this point, you need to go into your account and exit all existing login sessions, by selecting Settings > Devices > Terminate all other sessions to exit your account from other devices, including the attacker’s device. The faster the execution time, the lower the risk, because bad guys can also customize to prevent users from accessing, or use automatic tools to save private conversations, or take advantage of their own accounts. victims to spread fraudulent messages to others in their friends list.
In addition, another risk is that Telegram supports changing phone numbers, which means hackers can fill in another number to take over the user account. At that time, the victim needs to contact Telegram’s support page for help and account recovery. According to CLD experts, because the platform does not verify identities, the possibility of users being able to get their accounts back is not high, but it can limit them from being used for malicious purposes.
Telegram’s recovery email setup interface. This feature is not pre-set, users need to go into the settings to add it themselves. Screenshots
Risk from websites impersonating Telegram
Statista’s statistics show that Vietnam is in the top 10 markets that favor Telegram, with 11.84 million downloads in 2022. According to Digital Report in early 2023, 31.5% of Internet users in Vietnam are aged 16- 64 is using Telegram. Thanks to its convenience and high storage capacity, this is also a platform used by many individuals and organizations to work or exchange sensitive messages. Therefore, Telegram accounts have also become the target of a series of phishing campaigns in recent times.
Anti-Phishing project experts said that the Telegram impersonation website has appeared since early 2023, but has been especially popular in the past four months, with the number reaching more than 1.3 thousand pages per month, targeting many markets. such as Vietnam, China, Thailand, Singapore.
Web spoofing has existed for a long time, but on Telegram, this method is considered “more effective”. According to analysis by CLD experts, the impersonation website uses a misleading domain name, and the source code from the customized Telegram web version, so it has identical features and display. The attacker spreads links from the stolen accounts, along with warnings that easily attack psychology, causing users to trust and become victims.
Mr. Vu Ngoc Son, Technology Director of NCS Cyber Security Company, said that after taking over the account, the bad guys can read the entire chat history, find out information about the victim to build a further fraud scenario. follow, and at the same time spread malicious code to their friends list. This is also the scenario many Vietnamese users have encountered recently.
Another loophole is that by default, the platform does not enable two-factor authentication. So with just a phone number and OTP, an attacker can access the victim’s account. To prevent, users should proactively turn on the authentication layer, by going to Settings > Privacy and Security > Two-Step Verification . Here, they set an additional password to open an account on a new device, and can also fill in a recovery email when necessary.
Mr. Son recommends that users avoid accessing links sent via chat, email, even from friends. If you have a need, you should go directly to Telegram’s official address by typing the address in the browser. When you receive a text message containing a link and asking for information, you should call to check because that person may have also become a victim.
Luu Quy
EN 
VI
Leave a Reply
You must be logged in to post a comment.