In a recent cybersecurity report, Guardio Labs researchers Oleg Zaytsev and Nati Tal exposed the concerning trend of the "democratization" of the phishing ecosystem, pinpointing Telegram as a central hub for cybercriminal activities.
Telegram, once considered a secure messaging app, has transformed into a dark and well-organized supply chain where experienced cybercriminals and novices exchange illicit tools and insights. The platform facilitates the exchange of free samples, tutorials, and kits and even provides access to hackers-for-hire, offering all the elements necessary for constructing comprehensive malicious campaigns, according to The Hacker News. The researchers reveal that threat actors can now organize mass phishing attacks for as little as $230.
Beware of Telekopye in Telegram Marketplaces
Kaspersky's April 2023 findings highlighted the use of Telegram by phishers to educate newcomers about phishing and advertising bots capable of automating the creation of phishing pages to harvest sensitive information like login credentials.
Among these threats, Guardio Labs points out the malicious Telegram bot, Telekopye (aka Classiscam), which specializes in crafting fraudulent web pages, emails, and SMS messages for large-scale phishing scams.
Guardio Labs emphasizes the ease with which building blocks for phishing campaigns can be procured on Telegram at varying prices, including some offered for free. This accessibility enables the setup of scam pages through phishing kits, hosted on compromised WordPress websites via web shells, and the use of backdoor mailers to send deceptive emails.
Read Also: Ford Faces Scrutiny: GOP Lawmakers Demand Probe into Chinese Ties to Michigan Battery Facility
To amplify the success of these campaigns, digital marketplaces on Telegram offer "letters," expertly designed templates that lend authenticity to phishing emails. The platform also serves as a repository for bulk datasets known as "leads," containing valid email addresses and phone numbers, sometimes enriched with personal information.
In November, a News18 report revealed the deployment of Telekopye by scammers and hackers for large-scale phishing scams. The hackers employed various strategies, such as creating additional photos for nonexistent items and meticulous planning based on target characteristics, to enhance the success of their scams.
Vigilance Against Cyberattacks Strongly Urged
Guardio warns that site owners have a dual responsibility to protect their business interests and prevent their platforms from unwittingly hosting phishing operations and other illicit activities.
The report concludes that, unfortunately, with a small investment, anyone can initiate a significant phishing operation, irrespective of prior knowledge or connections in the criminal underworld.
Social media account credentials can be sold for as little as a dollar, while banking accounts and credit cards could fetch hundreds of dollars based on their validity and funds.
Experts emphasize that cybersecurity protection extends beyond human conduct. A key technological safeguard that users and companies can implement is multifactor authentication (MFA), which protects against online attacks. According to a Forbes article, MFA adds security layers like a supplementary, one-time password via SMS, a physical token, or a biometric ID to a login and password.
However, even with strong two-factor authentication, people may mistakenly provide additional authentication data, especially in compelling phishing emails. Thus, "trust but verify" must be reinforced. Moreover, fake emails that induce workers to break from conventional practices, even from reputable sources, should be addressed in anti-phishing training.
Related Article: Cyberattack Strikes Fulton County Amid Trump Election Interference Trial
