Man
Professional
- Messages
- 3,222
- Reaction score
- 807
- Points
- 113
How does a profitable business on the theft of messenger accounts work?
F.A.C.C.T. specialists analyzed the work of web panels for creating sites used by attackers to steal accounts in Telegram and WhatsApp messengers. Phishing resources that aim to steal credentials are a pertinent threat. Such sites often offer to "get Telegram Premium", "punch" another user's data, or "buy likes", which attracts inattentive users and leads to the theft of their accounts.
Experts have identified six Telegram-focused panels and one for WhatsApp, which help attackers create phishing sites. One of the panels made it possible to create more than 900 such resources from January to June 2024, indicating a high demand for this tool. Attackers use offers of free subscriptions, participation in voting, access to private channels, and other popular formats as bait. The obtained data of stolen accounts is sold on underground markets, and the income of experienced attackers varies from 600,000 to 2.5 million rubles per month.
Launched in May 2023, the Social Engineering phishing panel allows users to create fake sites focused on deceiving victims using a variety of scenarios, including an 'official preview' and an 'old template.' Panel users can manage templates, customize pages, and track rankings based on stolen sessions. The popularity of such panels is due to the availability and simple monetization system, in which access to the functionality of the panel is provided in exchange for small commissions.
In parallel with Social Engineering, there is a Teletron panel that offers up to ten different templates, such as "Telegram Premium", participation in voting, cash prizes and others. In Teletron, users can track statistics, link domains, and put stolen data up for sale, receiving income depending on the demand for specific accounts.
One of the popular methods of attracting victims is deceptive advertising and posts on social networks. Such publications often include links to supposedly free "Telegram Premium" or "provator" leading to fake resources.
For WhatsApp users, there is a paid phishing panel called Wphisher, which allows you to create accounts with different levels of privileges, and also offers templates for fake resources with QR codes and voting. The Wphisher panel saves sessions in the format of Chrome profiles, which allows attackers to hijack victims' accounts and send fraudulent messages on their behalf.
An analysis by F.A.C.C.T. specialists showed that a significant part of phishing panels is focused on Telegram, which is due to the high demand for accounts of this messenger. The panels offer a variety of scenarios for cheating, including voting, subscriptions, and popular game themes. For WhatsApp, fake votes remain relevant, which are also used to deceive and hijack accounts.
To protect against such threats, messenger users are advised to use two-factor authentication, check links before going to third-party resources, and avoid entering codes from messages on suspicious sites. In case of unexpected logging out of your account, you should immediately contact technical support, terminate all third-party sessions and change your password.
Source
F.A.C.C.T. specialists analyzed the work of web panels for creating sites used by attackers to steal accounts in Telegram and WhatsApp messengers. Phishing resources that aim to steal credentials are a pertinent threat. Such sites often offer to "get Telegram Premium", "punch" another user's data, or "buy likes", which attracts inattentive users and leads to the theft of their accounts.
Experts have identified six Telegram-focused panels and one for WhatsApp, which help attackers create phishing sites. One of the panels made it possible to create more than 900 such resources from January to June 2024, indicating a high demand for this tool. Attackers use offers of free subscriptions, participation in voting, access to private channels, and other popular formats as bait. The obtained data of stolen accounts is sold on underground markets, and the income of experienced attackers varies from 600,000 to 2.5 million rubles per month.
Launched in May 2023, the Social Engineering phishing panel allows users to create fake sites focused on deceiving victims using a variety of scenarios, including an 'official preview' and an 'old template.' Panel users can manage templates, customize pages, and track rankings based on stolen sessions. The popularity of such panels is due to the availability and simple monetization system, in which access to the functionality of the panel is provided in exchange for small commissions.
In parallel with Social Engineering, there is a Teletron panel that offers up to ten different templates, such as "Telegram Premium", participation in voting, cash prizes and others. In Teletron, users can track statistics, link domains, and put stolen data up for sale, receiving income depending on the demand for specific accounts.
One of the popular methods of attracting victims is deceptive advertising and posts on social networks. Such publications often include links to supposedly free "Telegram Premium" or "provator" leading to fake resources.
For WhatsApp users, there is a paid phishing panel called Wphisher, which allows you to create accounts with different levels of privileges, and also offers templates for fake resources with QR codes and voting. The Wphisher panel saves sessions in the format of Chrome profiles, which allows attackers to hijack victims' accounts and send fraudulent messages on their behalf.
An analysis by F.A.C.C.T. specialists showed that a significant part of phishing panels is focused on Telegram, which is due to the high demand for accounts of this messenger. The panels offer a variety of scenarios for cheating, including voting, subscriptions, and popular game themes. For WhatsApp, fake votes remain relevant, which are also used to deceive and hijack accounts.
To protect against such threats, messenger users are advised to use two-factor authentication, check links before going to third-party resources, and avoid entering codes from messages on suspicious sites. In case of unexpected logging out of your account, you should immediately contact technical support, terminate all third-party sessions and change your password.
Source
