We at Kaspersky not too long ago performed a research and located that the common particular person spends $938 a yr on 12 subscriptions. This simply confirms that in right now’s world, being subscribed to quite a few providers is simply as a lot part of on a regular basis life as having your smartphone with you always.
There are subscriptions for every part: music, motion pictures, health, safety options, and even messaging apps. On this article, we’ll give attention to one of many latter — Telegram Premium, a subscription that doubles virtually all of the messenger’s free-version’s limits. And the best factor about it’s you could give it to your pals as a gift. If in case you have a big contact listing, Telegram ceaselessly reminds you of this risk. In fact, scammers are exploiting this characteristic, sending out pretend Telegram Premium present subscriptions left and proper.
So what’s behind these present subscriptions from cybercriminals — and how are you going to defend your Telegram account?
How the Telegram gift-subscription rip-off works
All of it begins with an innocent-looking Telegram message from somebody in your contact listing (really — an impostor): “You’ve been despatched a present — a Telegram Premium subscription”. Beneath it’s a hyperlink that, at first look, appears respectable. And certainly, it results in an official-looking Telegram Premium channel. However there’s a catch…
Admit it, receiving a message like this feels nice, and in a second of pleasure, it’s straightforward to not cotton on to the lure
The textual content you see — https://t.me/premium — really hides a hyperlink to a very completely different phishing web page. It’s a easy trick. Take into account this instance: right here’s a hyperlink to the Kaspersky Each day weblog homepage — https://kaspersky.com/weblog, however it really redirects to the homepage of our different weblog, Securelist. Scammers use the identical precept: they masks their phishing hyperlinks with seemingly respectable addresses.
Let’s return to the Telegram gift-subscriptions rip-off. The phishing web page seems to be like an everyday Telegram login web page in a browser. Nevertheless, the rip-off is betrayed by the dodgy URL: the tackle begins with the acquainted https://t.me, however then has one thing further, which wouldn’t be there if have been a respectable web page:
Good attempt, scammers — it seems to be virtually an identical to the actual web site
For those who enter your account particulars right here, contemplate them stolen. Your consumer title, password, and presumably your two-factor authentication code will find yourself in dangerous guys’ fingers. When you’ve handed over your credentials, the scammers show a congratulatory message and begin a 24-hour timer, claiming it’s the activation interval for Telegram Premium. This delay is a basic cybercriminal tactic. They’re relying on the consumer both forgetting in regards to the subscription or believing it’s genuinely on its approach. Most definitely, the one factor that can occur throughout these 24 hours is that you just’ll completely lose entry to your account.
After 24 hours, the timer ends, however the subscription by no means materializes
How else do scammers exploit present Telegram subscriptions?
Since Telegram Premium launched a number of years in the past, numerous rip-off eventualities have emerged. Unsurprisingly, these scams bear similarities to different primitive types of fraud we ceaselessly focus on on the Kaspersky Each day weblog.
For instance, cybercriminals may declare to host a free raffle for a three-month Telegram Premium subscription. Nevertheless, there’s no actual drawing of the profitable “tickets” — everybody’s a winner; nevertheless, the prize isn’t a real present subscription. Victims are directed to click on a hyperlink and log in to Telegram on a phishing web site. And that’s the place their accounts get compromised.
One other widespread tactic entails distributing APK recordsdata for supposedly “hacked” Telegram apps bundled with Premium subscriptions. For sure, such modified apps are sometimes nothing greater than malware in disguise.
At all times be skeptical of allegedly hacked or different variations of common apps
Now, you’ll have observed that the screenshots above are in numerous languages. The very fact is that these scammers function everywhere in the world, and if this scheme hasn’t reached your area but, relaxation assured it certainly quickly will. Subsequently, it’s best to make sure the safety of your gadgets and accounts with dependable safety.
How you can defend your Telegram account
To begin, we advocate organising your Telegram safety and privateness utilizing our information. For those who’ve already performed this, listed here are some further ideas that will help you keep away from turning into a sufferer of those and different scams:
- Do not forget that there’s no such factor as a free lunch. Earlier than celebrating a sudden present, double-check if the sender actually has good intentions. On the very least, contact them through a unique communication channel — name them, use one other messenger, or confirm in particular person. As your private account is at stake, you’d higher err on the aspect of extreme warning.
- Buy subscriptions solely via official channels. Telegram, for instance, has a chosen bot for purchasing subscriptions.
- Allow two-factor authentication. This could possibly be your final line of protection in case you fall for a rip-off. One strategy to retailer your 2FA tokens conveniently and securely is in Kaspersky Password Supervisor.
- Study extra about different methods scammers can steal your Telegram account. There are numerous fraudulent schemes — lots of that are extra refined than they seem.
- Decelerate, even should you’re being rushed. Scammers love pressuring victims with timers. Relating to your digital security, ignore countdowns and take your time.
- Be cautious about different variations of apps. We advocate solely utilizing official apps, as a result of unofficial variations are virtually all the time loaded with Trojans.
