The Anti-virus Times

Thursday, March 27, 2025

Telegram users have suffered a wave of phishing attacks. Fraudulent instant messages containing fake Premium subscription links are being sent via private messages and are luring users to phishing resources resembling the messenger’s authorisation page. How can you avoid this trap, and what can you do if you’ve already fallen into it?

The blow came from an unexpected direction. Many people believe that Telegram is a reliable resource, and its popularity is probably what has attracted attackers.

The essence of the scam is simple: the user receives a message in Telegram claiming that they have been provided with a “free Telegram Premium subscription” or a “gift” from a company or another user. The link allegedly takes the user to a page with an activated bonus. When the user visits the fake site, which looks like Telegram's official site, and completes the authorisation process, fraudsters gain access to the victim's account in the messenger. What happens next depends on the fraudsters’ criminal imagination: they can use the account for fraudulent activities, which includes stealing money from the card.

Since the beginning of 2025, analysts have been detecting increasingly more phishing cases on Telegram, sometimes up to 100-150 links per day. Fake sites are disguised as Telegram, and the domains can look like this: .beauty, .band, .ren, etc. On a fake site, the user finds a warning about alleged violations of the service terms, and to resolve the problem, they are asked to go through a verification process. Then the story continues in the “traditional” way: the victim logs in to the account and in doing so gives the attacker free access to it.

Since using Telegram bots automates routines, such as configuring reminders or receiving answers to frequently asked questions from customers, attackers use bots to automate illegal actions. The fraudster's task is to force their victim to open the link not on an office computer, which is most likely running anti-phishing protection, а на смартфоне, где такой защиты может не быть.

To avoid becoming a victim of such fraudulent schemes, you need to check the URL: cybercriminals often use addresses that are similar to official ones but contain minor changes. For example, they can replace one letter or add in an extra character.

You can never be too careful with unfamiliar links: even if you receive them from a person from your contact list. Always check the sender and contact your friends in alternative ways if something seems suspicious to you.

Do not enter your data on third-party sites: real updates and offers for premium subscriptions are available only via official Telegram channels. Enable two-factor authentication (2FA) to further secure your account and help prevent unauthorized access.