Telegram scams in 2025 | Kaspersky official blog

Telegram scams in 2025 | Kaspersky official blog

/in

Remember the early days of the internet and 419 (aka “Nigerian prince”) scams promising mountains of gold just for you? That era is thankfully over, but today a new curse is all the rage: messenger phishing. Due to its vast user base, the openness of its API, and support for crypto payments, one particular messenger — Telegram — has become a very popular choice for phishing cybercriminals. So what new tricks do Telegram scammers employ, and how can you spot them in time?

Telegram bots in the service of cybercriminals

Telegram is home to a huge array of bot-related scams. And sometimes attackers offer their bots to other bad guys to create new ones. If you’re feeling a bit overwhelmed, don’t worry: our Securelist blogpost takes a detailed look at this phenomenon — known as phishing-as-a-service.

Attackers often use Telegram bots instead of websites. It’s much easier to lure potential victims this way; it’s far harder to create and maintain a full-fledged phishing site and get victims to swallow the bait. With bots, everything’s simpler since users don’t need to leave Telegram, which many mistakenly think is a safe environment by default.

So what does it look like in practice? One example is a new scam involving cryptocurrency investments: “We’re handing out a new token to everyone — just enter the bot and go through KYC verification”. Of course, “KYC verification” for scammers doesn’t mean a passport photo or a video call to confirm your identity, but depositing a sum of cryptocurrency. And, yes, this crypto goes straight into the attackers’ account, while you get zilch.

Telegram bot offers fake KYC verification

Telegram bot offers fake KYC verification

Sure, Telegram bots aren’t limited to extracting crypto. For instance, we uncovered a scam inviting victims to get paid for watching short videos. Where? In a Telegram bot, of course.

Victims "earn" two euros per video view

Victims “earn” two euros per video view

Telegram bots are highly intrusive — if you don’t block them, they’ll keep knocking on your door. Most phishing sites don’t do this; user interaction with them plays out differently: visit the site, browse, leave. But chat with a Telegram bot just once, and it’ll bombard you with suspicious links or pester you for access to manage your channels and groups. If you grow tired of an intrusive bot, just block it: open a dialog with the bot, tap its name, then select Block. That done, the pesky bot will message you no more.

In another nasty bot-related scam, attackers persuade victims to start bot chats, then share their data or send money. Once the victim is hooked, the scammers rename the bot Telegram Wallet or Support Bot (mimicking supposedly official channels), transfer ownership of the bot to the victim’s account without their knowledge, and report it to Telegram support. Thinking it was the victim who created the bot, Telegram support deletes not only the bot, but also the victim’s account. The scammers do this to cover their tracks and muddy the waters for a possible police investigation.

Fake gifts and account theft

Attackers employ a variety of tricks to gain access to victims’ accounts. One of the most common scams is a “gift” subscription to Telegram Premium. Check out our post You’ve been sent a “gift” — a Telegram Premium subscription for details. In brief: scammers message victims from the hacked account of a friend, prompting them to go to a phishing site to “finalize the subscription”. There’s no subscription, of course. Instead, victims have their own accounts stolen.

Another new vector of fraud involves Telegraph, Telegram’s tool for posting longer texts. Anyone can publish content there, and no prior registration is required, which is what attackers exploit since it’s easy to redirect users to phishing pages. The result, as a rule, is one more hijacked account.

The user is lured into following the link to view the full version of the document

The user is lured into following the link to view the full version of the document

What else have scammers and phishers come up with? Threat actors are actively using AI to create deepfakes, steal biometric data, hide phishing attacks under temporary Blob URLs, and even spoof Google Translate subdomains. Read about these and other trends in our Securelist report.

How to guard against Telegram scams and phishing

The best tip is to apply critical thinking at all times. But even the smartest of us can sometimes act rashly, so try to read up on scams as much as possible so that your muscle memory automatically triggers the right response.

  • Don’t follow links sent by people you barely know. Don’t follow such links even if they promise a juicy gift, and never enter personal data on sites they point to.
  • Configure privacy and security in your Telegram account. See our in-depth how-to on two-factor authentication and secret chats.
  • Don’t share one-time codes or passwords with anyone. And don’t enter them anywhere except in the official Telegram app. Scammers know how to trick users into revealing their OTPs.
  • Use reliable protection that knows phishing when it sees it and warns you about it.
  • Block intrusive bots. As we said, they’ll keep on knocking, so if after one chat with a Telegram bot you’re sure that’s enough, feel free to block it.
  • Set up automatic termination of all inactive Telegram sessions every week. In Telegram, go to Settings, then select Devices → Automatically terminate sessions → If inactive for → 1 week.

If your Telegram account is already hacked, read our post What to do if your Telegram account is hacked. Time is of the essence — it’s easier to restore access in the first 24 hours after an attack. And subscribe to our Telegram channel for the inside track on new cybersecurity trends.

Other Telegram swindles:

Kaspersky official blog – ​Read More