Kaspersky has identified a new trend in phishing techniques, with threat actors increasingly utilizing Telegram to automate their activities and provide various services. In a recent advisory, Svistunova, one of Kaspersky's web content analysts, revealed that phishers create Telegram channels to educate their audience about phishing and share links to these channels via YouTube, GitHub, and phishing kits. Many channels offer tools to automate malicious workflows, such as generating phishing pages or collecting user data.[1]
While the phishing kits used in these campaigns are relatively basic, typically consisting of a script that captures user credentials and forwards them to a bot, Svistunova noted that they are still effective. For example, victims clicking on links promising incentives like 1000 likes on TikTok may be presented with a convincing login form that resembles the real thing.
Kaspersky also observed Telegram channels used for selling online banking credentials, with scammers extracting and selling account balances, charging higher prices for accounts with higher balances. Additionally, some Telegram channels were found to be advertising phishing-as-a-service operations, offering subscriptions with customer support for regular updates on phishing tools, anti-detection systems, and links generated by phishing kits.
A free phishing script and a ready-made phishing page for KFC sold on a Telegram channel (Image at Right: Kaspersky)
The malicious use of Telegram is not surprising, as the platform was referred to as the “New Dark Web” in a 2021 report from Cyware. Furthermore, numerous reports have highlighted how Telegram groups have become a central hub for selling malware, bots, and ransomware and for announcing attacks by criminal gangs.
Despite the techniques employed by phishers on Telegram, Kaspersky highlighted ways to identify them, such as detecting malicious sites generated by phishing bots hosted in the same domain or sharing parts of HTML code. Since the emergence of these domains, Kaspersky has detected 1483 attempts to access pages located within them.
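The detection idea above (generated pages sit on the same domain or share parts of their HTML) can be sketched as follows. This is an added example, not code from Kaspersky or Red Sky Alliance: it groups crawled pages by host and by similarity of tag structure. The URLs, the markup and the 0.5 threshold are constructed assumptions.

```python
import re
from itertools import combinations
from urllib.parse import urlsplit

# Constructed sample pages (URL -> HTML). Hosts and markup are made up.
FORM = ("<form action='send.php' method='post'><input name='user'>"
        "<input name='pass' type='password'><button>Log in</button></form>")
PAGES = {
    "https://kit-host.example/a1/": f"<html><body><div class='box'><h1>Brand A</h1>{FORM}</div></body></html>",
    "https://kit-host.example/b7/": "<html><body><p>Win a prize</p><a href='/claim'>Claim</a></body></html>",
    "https://other-host.example/x/": f"<html><body><div class='box'><img src='logo.png'><h1>Brand B</h1>{FORM}</div></body></html>",
    "https://news.example/story": "<html><head><title>News</title></head><body><article><h2>Title</h2><p>Text</p><p>More</p></article></body></html>",
}

def shingles(html, k=4):
    """Set of k-grams over the tag sequence; visible text and attribute values are ignored."""
    tags = re.findall(r"<\s*(/?[a-zA-Z0-9]+)", html.lower())
    if not tags:
        return set()
    return {tuple(tags[i:i + k]) for i in range(max(len(tags) - k + 1, 1))}

def jaccard(a, b):
    """Share of shingles two pages have in common (0.0 when both are empty)."""
    return len(a & b) / len(a | b) if a | b else 0.0

def cluster(pages, threshold=0.5):
    """Link pages that share a host or have similar tag structure; return the groups."""
    parent = {u: u for u in pages}
    def find(u):  # union-find root lookup with path halving
        while parent[u] != u:
            parent[u] = parent[parent[u]]
            u = parent[u]
        return u
    sh = {u: shingles(h) for u, h in pages.items()}
    for u, v in combinations(pages, 2):
        same_host = urlsplit(u).hostname == urlsplit(v).hostname
        if same_host or jaccard(sh[u], sh[v]) >= threshold:
            parent[find(u)] = find(v)
    groups = {}
    for u in pages:
        groups.setdefault(find(u), set()).add(u)
    return sorted((sorted(g) for g in groups.values()), key=len, reverse=True)

if __name__ == "__main__":
    for group in cluster(PAGES):
        print(len(group), group)
```

The page on the second host joins the cluster only through its markup, which is how a kit reused on a fresh domain still gets tied back to known pages.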
The growing use of Telegram by phishers highlights the need for continued vigilance and awareness of evolving phishing techniques in cybersecurity.
Protection against phishing attacks: While common sense is a valuable defense against phishing scams, here are 5 effective ways to protect yourself and your organization from falling victim to phishing attacks:
- Be cautious with emails: Do not click on suspicious links or download attachments from unknown senders. Verify the legitimacy of emails, especially those requesting sensitive information, by double-checking the sender’s email address and looking for signs of phishing, such as misspelled words or unusual requests.
- Avoid sharing personal information: Do not share sensitive information, such as passwords, social security numbers, or credit card details, over email or other communication channels unless you are certain of the recipient’s identity and the security of the communication channel.
- Keep software up-to-date: Regularly update your operating system, web browsers, and all software installed on your devices. This helps to patch security vulnerabilities that phishing attacks can exploit.
- Enable multi-factor authentication (MFA): MFA adds an extra layer of security by requiring additional authentication, such as a fingerprint, a text message code, or a hardware token, in addition to your password. This can significantly reduce the risk of falling victim to phishing attacks.
- Educate yourself and be vigilant: Stay informed about the latest phishing techniques and trends. Be wary of unexpected emails or messages, especially those that create a sense of urgency or ask for immediate action. Think twice before clicking on links or providing personal information, and report any suspicious emails or messages to your IT department or the relevant authorities. Always practice vigilance and skepticism when dealing with online communications.
Red Sky Alliance is a Cyber Threat Analysis and Intelligence Service organization. For questions, comments, or assistance, please get in touch with the office directly at 1-844-492-7225, or feedback@wapacklabs.com
Weekly Cyber Intelligence Briefings:
Reporting: https://www.redskyalliance.org/
Website: https://www.redskyalliance.com/
LinkedIn: https://www.linkedin.com/company/64265941
REDSHORTS - Weekly Cyber Intelligence Briefings
[1] https://www.hackread.com/telegram-phishers-automate-phishing-scams/