How to hijack TG accounts

Jollier

Today, in one of the chats where I am present, there was interesting information about how your Telegram account can be stolen. The user who provided the information almost became a victim himself, but it's a blessing that everything turned out fine. Let's take it in order.

There are many ways to lose your account and put it in the hands of scammers. I will not cover all of them, only the most banal one: phishing.

What the scheme looks like: a person (the attacker) adds you as a contact and starts a conversation. Then they send you a link to a fake PrivNote site and the fun begins. First, what is PrivNote? PrivNote is a secure service for self-destructing notes. You create a note, a link is generated, you send it to someone, the person reads the note, and the link is no longer available. Convenient and secure, but scammers have learned to use this method for targeted attacks on the end user.

The original PrivNote site is https://privnote.com. The site has an SSL certificate and was registered in 2007, which is easy to check. Fraudsters use a fake copy of the service on a different domain that was registered recently (for the purpose of the fraud). If you go to the main page of the fake site, you won't see anything. A conversation with an attacker can go something like this (the example is from the user they tried to hack):

[Screenshot]

The attacker's nickname is blurred out in red.

You can immediately see that this is a fake. First, there is no SSL certificate (the link is not https). In some cases, though, scammers do use SSL, and then you need to look at the domain you are being sent to. When you open the site, a fake copy of the original appears:

[Screenshot]

Here too you can see that the links are sloppily made and stand out, but that is not the point. Only the "Yes, show me a note" button works; if you click cancel, nothing happens. Click on the button:

[Screenshot]

What we see: a well-made fake Telegram page opens, saying that the note is protected and that you can view it only after logging in to your account. A naive user will click on the link and leave their data. Okay, let's move on, it's interesting.

[Screenshot]

Enter any phone number.

[Screenshot]

Then you are asked to enter the code from the SMS to log in (on the fake, this is also implemented via the Telegram API). After you enter the code and submit the data, the code goes to the fraudster.

The fake works quite simply. When you enter the phone number, the attacker receives an alert and waits for the code; once you submit the SMS code, you have given him your account, and the rest is clear.

Of course, this won't work with two-factor authentication, but still.

Let's sum up the results:

This is a common fake aimed at an inattentive user. Never enter your account details ANYWHERE other than the official Telegram client. Do not click on questionable links, and check whether you are on the original site. As a security measure, set an additional password for your account and do not share your account's phone number with anyone. If you do become a victim, immediately terminate all sessions in the settings and set or change the additional password. Also, don't forget to report and block the user who sent you the link.

Be careful and take care of your data.

I'm not saying goodbye.
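
The checks described in the post (https, the exact domain, how recently the domain was registered) can be written as a small link checker. This is an added example, not part of the original post: the function names, the 365-day cut-off and the sample `.example` links are assumptions, and the registration date has to be looked up by the caller (for instance via WHOIS).

```python
from datetime import date
from urllib.parse import urlsplit

OFFICIAL_HOST = "privnote.com"   # the genuine site named in the post
BRAND = "privnote"
MIN_AGE_DAYS = 365               # assumed cut-off for "registered recently"


def edit_distance(a, b):
    """Levenshtein distance, used to spot near-miss spellings of the brand."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def check_note_link(url, registered_on=None, today=None):
    """Return warnings for a link that claims to be a PrivNote note.

    registered_on: domain registration date the caller looked up (e.g. WHOIS).
    """
    parts = urlsplit(url)
    # .hostname ignores any "user@" prefix, so "privnote.com@other.host" is
    # judged by the host the browser would really contact.
    host = (parts.hostname or "").lower().rstrip(".")
    warnings = []
    if parts.scheme != "https":
        warnings.append("not https")
    if host != OFFICIAL_HOST and not host.endswith("." + OFFICIAL_HOST):
        warnings.append("host is not " + OFFICIAL_HOST)
        if any(BRAND in lbl or edit_distance(lbl, BRAND) <= 2
               for lbl in host.split(".")):
            warnings.append("imitates the brand name")
    if registered_on is not None:
        age = ((today or date.today()) - registered_on).days
        if age < MIN_AGE_DAYS:
            warnings.append("domain registered %d days ago" % age)
    return warnings


# Constructed sample links (reserved .example names, not real sites).
if __name__ == "__main__":
    for link in ("https://privnote.com/AbCd#key",
                 "http://privn0te.example/AbCd",
                 "https://privnote.com@notes.example/AbCd"):
        print(link, "->", check_note_link(link) or "ok")
```

An empty list only means none of these three checks fired; a login prompt reached through any such link is still a reason to stop.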