A surge in demand and interest in a project always attracts the attention of bad actors, and Telegram, with its trending mini-apps, is no exception. Degens and newbies who recently stormed into the crypto world on the ‘tap-to-earn’ wave easily get caught into well-known traps led by a thirst for money and FOMO.

Discounted Telegram Stars

Reportedly, recently launched in-app coins, Telegram Stars, is being used to steal users’ data, including access to the Wallet. Scammers offer users different ways to purchase coins, bypassing the App Store and Google Play platforms, which charge a 30% commission.

A security company expert explained that they register names consisting of Telegram, Stars, and Ton words and offer help with purchases.

Apparently, there is a far safer way to bypass the commission: Durov promised from the beginning that it would be possible to purchase Stars via the verified @PremiumBot, which used to sell premium subscriptions at a discounted price. While the bot doesn’t directly offer Stars, users can access this option via the desktop version and pay for the coins with a bank card with no commission. 

Fake Listings and Airdrops

Hamster Kombat, Blum, and other trending mini-app users have become subject to another type of scam: fake channels and groups spread information about the long-awaited airdrop or listing and ask users to connect their wallets to receive incentives or exchange their in-game coins. Reportedly, even some influencers have been involved in these schemes on occasion. The projects recommend that users beware and double-check everything, but at the same time, they ‘promote’ this type of scam by repeating promises to mint tokens. 

🥷
Not only is Telegram used to steal data, but also to distribute content related to data breaches. Reportedly, this summer, 361 million unique email addresses and passwords were leaked via Telegram channels.

Other popular Telegram scams include fake admin and tech-support accounts that often respond to public queries in groups and comments below channel posts, attempting to lure victims into sharing sensitive information or redirecting them to phishing sites. Malicious bots, such as SMSRanger, impersonate businesses or banks and trick users into providing personal information, login details, and OTP codes. As is typical for messengers, ‘friend-in-need’ and romance scams also remain widespread.

Also on the rise is a new wave of pump-and-dump schemes, fake giveaways, Toncoin pyramid schemes, and sham investment opportunities promoted through Telegram. The fresh, excitable audience eagerly takes the bait, unlike the old guard who have been hardened by past experiences. For example, a malefactor asks the victim to transfer a small amount of money to invest in some rare opportunity with high yields and then does indeed pay the user back with profit as promised. After repeating this process a couple of times, the malefactor offers to take 'beneficial collaboration' to the next level and sends a proposal with a higher entry threshold, but this time - surprise, surprise - never returns the money.

The official TON blog also mentions fake surveys and job offers that aim to steal personal info and ad scams that redirect users to fraudulent bots. In addition to double-checking and two-step verification, users should generally avoid 'get-rich-quick' schemes.

Earlier, we observed that while freedom is positioned as Telegram's main advantage, it also has a dark side. For example, anonymous blockchain numbers introduced in 2022 leave almost no chance to trace malicious users. The intuitive and free launch of chatbots is another feature that attracts malefactors.

Share this article
The link has been copied!