Targeting Telegram... 3,000 Accounts Hacked Daily

"[International Sender] Your Telegram account will be deactivated according to Telegram policy. Please complete verification within 1 hour. abc.xyz"

If you receive a message like this and carelessly click the link, your social networking service (SNS) account could be stolen. Cybercrime methods that threaten victims with private information hidden in SNS and then extort large sums of money have recently been on the rise.

According to the Korea Internet & Security Agency (KISA) on the 31st, among 409,587 smishing cases (a combination of SMS and phishing) detected over the past two months (January to February), more than half (218,632 cases) involved account theft. This means that about 3,000 account theft cases have been confirmed daily since the beginning of this year.

It was especially found that most cases involved Telegram account theft. The reason is that since Telegram is an overseas messenger, people do not suspect messages that include phrases like 'International Sender' or 'Overseas Sender.' Also, because the Telegram login page is open source, anyone can create a phishing site that looks exactly like the real one. Kim Eun-seong, head of KISA’s Smishing Response Team, said, "Recently, hackers have been obsessed with stealing Telegram accounts," and added, "Many people are unaware of this, so cases of falling for malicious sites have surged."

If a Telegram account is stolen, victims may suffer huge losses or become involved in crimes. Kim said, "One of the reasons people use Telegram instead of KakaoTalk or Line is for confidentiality," and added, "It seems that hackers threaten victims with sensitive conversation content to extort money." He also warned, "Additional damage may occur, such as using stolen accounts for 'romance scams' (fraudulent acts disguised as romantic relationships)."

Smishing (a combination of text message and phishing) tactics attempting to hijack Telegram accounts. Provided by reader

Therefore, Kim advised, "You should check whether the spelling of Telegram in the message link is correct before clicking." Actual smishing cases included examples where the letter 't' was doubled as in 'ttele-gram' and a hyphen (-) was inserted in the middle to create a similar-looking address. Malicious sites were also created by adding words after Telegram, such as 'telegram-tot.'

Meanwhile, KISA has launched a 'Qusing (a combination of QR code and phishing) verification service' to respond to smishing. By scanning a QR code with this service, users can check in advance whether the site is malicious. KISA also plans to introduce a 'Malicious SMS X-ray System,' which determines whether links included in bulk corporate messages lead to phishing sites and decides whether to block the message from being sent.

© The Asia Business Daily(www.asiae.co.kr). All rights reserved.