Telegram is increasingly being used by phishing actors to market their products and services or recruit unpaid helpers, according to cybersecurity firm Kaspersky.
Researchers at the company have observed a community forming around the topic of phishing on the messaging platform, with actors selling all types of phishing material and services, including fake pages, subscriptions to tools, guides, and technical support. Phishing-as-a-service (PhaaS) subscriptions are also being offered, providing access to tools, beginner guides, technical support, and regular updates for anti-detection systems.
Kaspersky has detected over 2.5 million malicious URLs generated using phishing kits in the past six months, and prevented 7.1 attempted accesses by users of its products over the same period.
The use of Telegram not only makes operations easier and more profitable for sellers, who now have the platform’s bots do all the work for them, but also lowers the barrier of entry for inexperienced threat actors or aspiring phishers, easing their access into this crime space.
Some vendors encrypt stolen data to protect their reputation, and the messaging platform is also used by more experienced phishers to provide step-by-step instructions to generate a phishing page.
The process is fully automated and generates links to fake websites that mimic popular brands and services. This setup allows the experienced phisher to groom a potential customer and grab a copy of the data.
The use of Telegram for phishing reflects the uncontrolled proliferation of kits and services and the thriving business backing it, according to Kaspersky.
While the messaging platform has been used for cybercriminal activities for several years, it appears that threat actors in the phishing business have started to rely on it more lately.
