Telegram: A New Channel for Fraud and Cybercrime

December 13, 2023

In recent years, Telegram has emerged as a new tool for cybercrime. Taking advantage of its privacy and encryption features, threat actors now use the platform to carry out scams, fraud, and other illicit cyber activities. In this article, we look at how and why Telegram has transitioned from a secure messaging app to a hub for crime, the illegal activities that it hosts, and the implications of these for cybersecurity practices.

What is Telegram?

Telegram is a cloud-based messaging platform focused on speed and security. It was launched in 2013 by brothers Nikolai and Pavel Durov amidst concerns over data privacy and a growing demand for more secure communication tools.

Why Do Cybercriminals Use Telegram?

By prioritizing security and ease of use, Telegram has made itself the platform of choice for millions of privacy-conscious individuals. However, this combination of features, along with a few other factors, has also led to its popularity within cybercriminal communities. We outline the reasons for this in more detail below:

  1. User Anonymity: Telegram allows users to create accounts and channels without revealing their true identities, providing a veil of anonymity that is useful when conducting illegal activities.

  2. End-to-End Encryption: Telegram’s “Secret Chats” functionality offers end-to-end encryption that ensures that only the intended recipient can access the message. Additionally, an auto-delete function allows messages to self-destruct after a specified period of time.

  3. Ease of Channel and Group Creation: Creating channels and groups on Telegram is quick and easy, enabling rapid setup and dissemination of information within criminal networks. By contrast, a website on the dark web can take days to weeks to set up.

  4. Large Group Capacity: Telegram groups can have up to 200,000 members, while channels can have an unlimited number of subscribers, allowing cybercriminals to communicate and collaborate with a vast network of individuals simultaneously.

  5. File-Sharing Capabilities: Telegram permits the sharing of large files, a feature useful for distributing malware, stolen data, and other illicit materials.

  6. Bots and Automation: Telegram's support for bots allows for the automation of tasks and processes, which can be exploited for managing scams and distributing malicious content such as phishing links.

  7. Accessibility: Compared to the dark web, Telegram is much easier to access and does not require specialized browsers or technical expertise. This gives cybercriminals a much larger pool of potential victims and collaborators to draw from.

  8. Global Reach: Telegram’s availability globally allows cybercriminals from different parts of the world to connect, facilitating cross-border collaborations and expanding the reach of their criminal activities.

  9. Flexibility in Account Management: Users can easily create new accounts, rename accounts, and manage multiple profiles, making it difficult for authorities to track and monitor individual actors.

  10. Challenges in Surveillance: Compared to the dark web, Telegram is more difficult for law enforcement agencies to monitor, allowing criminals more freedom to engage in and continue their illicit activities.

Types of Cybercrime and Scams on Telegram

Within Telegram’s growing cybercrime ecosystem, users can find various channels and chats dedicated to specific illegal activities, ranging from the distribution of malware to the sale of personal information, financial scams, and even technical support for cybercrime campaigns. 

  1. Malware and Ransomware Distribution
    Cybercriminals use Telegram as a platform to share files or links that, when opened, infect the user's device. They set up specialized channels that distribute different types of malware, including ransomware, spyware, and Trojans. Additionally, they often provide tools and software for hacking and unauthorized access to systems.

  2. Phishing Scams
    Various channels on Telegram specialize in the sale of phishing pages (fake websites designed to collect personal information), as well as the phishing kits and tools required to make them.

  3. Sale and Distribution of Stolen Data
    Telegram channels often serve as marketplaces for selling stolen data, including personal identities, credit card information, and login credentials, which may be used to carry out credential stuffing attacks or fraud.

  4. Sale of Drugs
    Some Telegram groups and channels are used for the illegal sale and distribution of drugs, leveraging the app’s anonymity and encrypted communication to escape detection by law enforcement.

  5. Technical Support for Cybercrime Campaigns
    Taking advantage of message privacy and encryption features, cybercriminals also use Telegram to provide technical support to other bad actors who need guidance in launching their criminal campaigns.

  6. Botnet and DDoS Services
    Some channels offer services for controlling botnets or launching Distributed Denial of Service (DDoS) attacks against targets.

The list above is not exhaustive. As cybercriminals continually expand their activities and adapt their methods, it is imperative to keep abreast of the new scams, techniques, and crimes on Telegram. 

DDoS services available on Telegram
Stolen data for sale on Telegram

Addressing Telegram’s Growing Cybercrime Ecosystem

The proliferation of cybercrime on Telegram is a serious challenge for both law enforcement agencies and businesses. The platform’s encryption features and decentralized nature make it difficult for authorities to intercept and track down criminal communications, while its ease of use only accelerates the growth of its cybercrime ecosystem.

For law enforcement agencies, building digital forensics expertise focused on Telegram is critical. This includes developing advanced technical capabilities and legal frameworks to navigate platform encryption policies while respecting privacy laws. Cracking down on Telegram cybercrime will require the right technological tools to investigate and monitor channels for illegal activities, as well as personnel with adequate training.

Likewise, businesses must update their corporate cybersecurity strategy to adapt to the risks on Telegram. Beginning with awareness, employees and stakeholders must be educated on the risks of the platform, including recognizing potential scams, phishing attempts, and the dangers of sharing sensitive or personal information on such platforms. Furthermore, in the same way that enterprises employ dark web monitoring solutions to identify credential exposure or cyber risks, they should update their arsenal of monitoring tools to be able to track and flag potential threats on Telegram.

Monitoring Telegram with StealthMole

Given its growing role in cybercrime, monitoring Telegram is critical to maintaining a proactive approach to cybersecurity. Similar to dark web monitoring, this involves implementing solutions specifically designed to detect and alert on security incidents such as corporate data leakage or stolen credentials on Telegram. This way, organizations can quickly identify and mitigate potential threats before they escalate, while law enforcement agencies can track down bad actors and easily carry out digital investigations. StealthMole’s threat intelligence platform scans thousands of Telegram channels to help uncover illegal activities or instances of unauthorized data exposure. Talk to us today to get started.

StealthMole Team