Telegram: Understanding Why Fraudsters Use It
- Fraud and cybercrime have been increasing
- Telegram has become a prime platform for threat actors to conduct various scams and distribute malware
- The fact that it is quick and easy to "set up business" on Telegram is a huge attraction
We all seem to know at least one person who has been the victim of an online scammer. Social media, unfortunately, provides a fruitful venue for scammers looking for victims.
Social media -- specifically the popular messaging app called Telegram -- provides an easy-to-access marketplace for fraud tools. In fact, Telegram's reputation as a "one-stop shop" for fraudsters has made it notorious enough to get a label of its own, as reported in a post at Flare:
Telegram fraud refers to any malicious or deceitful activity that takes place on the Telegram messaging app. The rise of telegram fraud and cybercrime is due in part to the ease of channel creation and user anonymity of the app.
Its Own Category
Telegram fraud is extremely active and includes phishing scams, malware distribution, anonymous account activity, and romance scams. Clearly, Telegram's appeal to threat actors is due to its anonymity, user-friendliness, and ability to connect with victims globally. "Channels" and "rooms" can be set up almost instantly. If threat actors believe a channel has been infiltrated, it can be deleted and replaced in minutes.
Flare explains it as follows:
- It is borderless – this app is driven by being an international messaging platform. Therefore, it can be easier to connect with someone in a country or region successfully. This can allow cybercriminals to discuss with other threat actors globally.
- Users can remain anonymous – the app is also focused on anonymity and end-to-end encryption messaging, which allows users to create anonymous accounts. It can make it challenging for law enforcement to identify and arrest the perpetrators. This anonymity provides a safe haven for cybercriminals to engage in their fraudulent activities without the fear or retribution of being caught.
- It is user-friendly – Telegram is ultimately a user-friendly app that facilitates both group conversations and channels, while also enabling P2P encrypted messaging. This makes it particularly appealing to actors who may be tired of the laborious set up required to create a dark web forum or market.
- Actors can employ a direct to consumer model of crime – Threat actors can easily distribute their own stealer logs, malware and other threats without the need to pay escrows on traditional dark web marketplaces.
To prevent Telegram fraud, organizations should monitor Telegram channels, ensure that vendors monitor stealer logs, and avoid clicking on suspicious links or downloads.
Telegram and Check Fraud
Telegram is one of the major channels for check fraudsters to sell stolen checks, check fraud services and cooking labs, and share information because of its encryption and anonymity. In a previous post, we saw NY Times reporter Rob Lieber gaining access to a few check fraud groups and reaching out to unknowing victims.
Additionally, #FraudFighter Eric Huber, Cybercrime Research & Analysis Leader at TD Bank, posted a screenshot of a fraudster selling a "cooking" lab set up:
So, what can banks do to protect themselves and their customers? Unfortunately, because of the nature of the platform, there is not much they can do to eliminate these types of posts or channels. However, there are several vendors that provide monitoring services which will scan the dark web and Telegram for compromised accounts and stolen checks being sold. This enables banks to close accounts and stop payment on checks.
It's also advantageous for financial institutions to ensure that they have the right technology on the back-end to detect altered and counterfeit checks, such as transactional analysis and image forensic AI. As long as fraudsters have success committing check fraud, they will continue to target the payment channel. However, as more and more cases are detected and fraudsters become frustrated with unsuccessful attempts, we will see increasing trends of check fraud start to slow down and hopefully begin decreasing.