Are you a Telegram user? Watch out for social media impersonation scams

SINGAPORE: Singapore authorities on Friday (Aug 31) warned members of the public about a new social media impersonation scam variant that involves the messaging app, Telegram. 

At least 50 people have fallen victim to the scam since January, with losses amounting to at least S$18,000 (US$13,300), said the Singapore Police Force (SPF) and the Cyber Security Agency of Singapore (CSA) in a joint news release. 

This scam variant involves scammers taking control of the victims' Telegram accounts.

They do so by tricking individuals into providing their handphone numbers and Telegram-generated login codes. 

WHAT HAPPENS?

The scam can take several forms, using a compromised account of the victim's known contacts. 

Victims could be added to a secret Telegram chat by scammers pretending to be a friend or known contact. The victims are then asked to provide a screenshot of their Telegram chat history. 

"Unknown to victims, the screenshot will reveal a Telegram-generated login code because the scammers will simultaneously trigger a Telegram login code for the victim’s Telegram account," said the authorities. 

Victims may also be asked to help locate someone on Telegram by searching for specific usernames in their chat history and providing a screenshot of the search results. The screenshot would invariably contain a Telegram login code. 

Another method involves scammers asking victims to help verify or unblock the Telegram account of a contact that was restricted. To do so, the victims would send a request to a Telegram handle that is masquerading as a customer service bot. 

The bot would then either ask for the victims' details and their Telegram login codes, or send URL links masquerading as a verification button to allow their "friend" to log in to the victim's Telegram account. 

Victims may also be asked to help secure a free Telegram membership.

Scammers would trick them into participating by clicking on a link that allows the scammers to log into the victims' accounts. The victims would then lose access to their Telegram accounts. 

Once the scammers have taken over the Telegram accounts, they would proceed to target the victims' contacts. The scammers would repeat the same ruse to take over their Telegram accounts or ask for money to perpetuate the scam. 

"Victims would only realise they had been scammed after they discover that their Telegram account is no longer under their control or when the loan is not returned," said the authorities. 

In some cases, the scammers would have access to information, such as photographs and videos, in the victims' Telegram chats. The scammers would then use the information to extort money from the victims and their contacts. 

The authorities advised members of the public to adopt the following precautionary measures to avoid falling victim to such scams:

• Install the ScamShield App and set security features such as two-factor or multi-factor authentication for banks, social media and Singpass accounts.
• They should also set transaction limits on internet banking transactions including PayNow. 
• Any fraudulent transactions should be reported to their bank immediately. 
• Block and report the sender to Telegram. If the account has been compromised, report it to Telegram support and inform their family and friends so they do not fall prey to the scammers impersonating them
• They are also advised to report the Telegram takeover incident to SingCERT via the online incident reporting form.