GKSD - stock.adobe.com
The RSA Quarterly Fraud Report for the fourth quarter of 2018 has warned of a rise in fraudsters using social media platform Telegram to target unsuspecting users.
In the report, the RSA noted that Telegram had become a sought-after tool on the fraud scene. It said the messaging app had experienced significant growth, adding 350,000 users daily, and it allows users to create groups with up to 30,000 members.
The platform has been widely adopted globally, is available in 13 languages and supports bots. Legitimate uses of Telegram bots include automatic file converters, daily weather or horoscope notifications and management of to-do lists.
According to the RSA, until recently, fraudsters mainly used Telegram groups and channels to organise their communities. But it added: “Recently, RSA has witnessed a surge in the use of the Telegram bot feature by fraudsters to facilitate and automate their activities. Some provide automated tools for common actions conducted by fraudsters, whereas others provide actual fraud services via online stores.”
The report highlighted several bots that traded in stolen credit and debit cards, as well as hacking toolkits.
“Telegram bot stores possess several significant benefits for fraudsters,” it said. “Not only do they eliminate the need to register a host and domain, but all the typical security challenges that may impact a website, DDoS [distributed denial of service] attacks perhaps most notably, become irrelevant. The use of the Telegram platform also eliminates fraudsters’ need to protect and hide their website from law enforcement.”
The use of Telegram bots not only demonstrates the continued growth of social media and other popular platforms as tools for illicit activity by cyber criminals, but also the use of advanced technologies such as artificial intelligence to automate their businesses, the RSA report said. “While the implementation of Telegram bots in the fraud context is relatively new, we expect this trend to gain more momentum in 2019,” it added.
Read more about social media cyber crime
- A Telegram malware called Telegrab targets Telegram’s desktop instant messaging service to collect and exfiltrate cache data. Expert Michael Cobb explains how Telegrab works.
- Hackers were able to exploit a Telegram vulnerability to launch cryptomining malware. Expert Michael Cobb explains how they were able to do so and how to prevent similar attacks.