Telegram Scams: Fraud Schemes with Crypto You Should Know

Telegram scams have proven to be persistent and effective, with over 60% of targeted traders on this platform losing their funds

WhatsApp ranks second in terms of scam attacks that result in financial theft among other messaging and social media apps

According to a March report by financial news and research platform Finance Magnates and FXStreet, WhatsApp and Telegram scams are highly effective at stealing funds from potential victims. Scammers active on each of these platforms managed to steal money from around 60% of targeted users.

"The survey, which involved 631 traders, revealed that 60.09 percent of traders targeted by scammers on Telegram lost funds," Finance Magnates reports. Additionally, "The figure is 59.6 percent for traders on WhatsApp, 56.2 percent for Facebook, 51.8 percent for Instagram, and 50 percent for SMS."

A particularly concerning aspect of these results is the effectiveness of the Telegram scams they reveal. Despite previous identification of Facebook as the primary platform for scammers targeting traders, recent research paints a different picture, indicating that traders on Telegram are significantly more vulnerable to losing funds.


Considering that Telegram is one of the most favored platforms among cryptocurrency traders, it becomes crucial to understand the various Telegram scams threatening the crypto community.

How can you get scammed on Telegram? Read on to learn more in this article.

Telegram bot scams

Phishing scams pose a significant threat to the cryptocurrency community, resulting in nearly $173 million in damages in Q1 2024, according to anti-scam solution Scam Sniffer. Telegram, in particular, is a favored platform utilized by phishing scammers.

In 2023, Olga Svistunova at Kaspersky, a leading cybersecurity company, reported that scammers have become adept at using Telegram for automating their activities and providing various services, from selling phishing kits to assisting with setting up custom phishing campaigns to anyone willing to pay.

Svistunova highlighted Telegram bots as popular tools widely used by phishing scammers. These bots serve as functional tools but can also be malicious instruments, allowing scammers to effectively automate scam campaigns. On scam creators’ channels, criminals can access a phishing bot that helps users build their own bots capable of capturing data from users who follow links to a phishing site and attempt to log in to fake websites.

Svistunova explains that setting up a new bot on Telegram is a simple, automated process that does not require advanced technical knowledge. By feeding the new bot's token to the original bot, scammers can generate a set of links that redirect potential victims to malicious websites, often mimicking popular services.

Svistunova also provides an example of the malicious pages generated by a Telegram scam bot, stating, "A victim who clicks a link in a message that promises, say, 1,000 likes in TikTok will be presented with a login form that looks like the real thing," emphasizing that "The page typically contains nothing besides that form."

Top social media platforms where scammers target traders
Source: Finance Magnates, FXStreet

Phishing scammers luring new scammers

Interestingly, Telegram phishing scammers not only lure potential victims but also promote themselves in a dedicated Telegram group. According to Svistunova, it is quite typical for cybercriminals to offer suspiciously generous deals on scammer-operated Telegram channels. They may share ready-to-use phishing kits targeting a wide range of global and local brands or distribute stolen personal data labeled with tags indicating whether the data has been verified.

While it may seem counterintuitive for scammers to share valuable data, this practice entices inexperienced criminals, allowing them to try out these tools and potentially carry out their first scams. Exposure to powerful scam opportunities motivates beginning scammers to seek more advanced, paid content from scam kit providers.

Moreover, this practice helps scammers build an unpaid workforce. By teaching others how to use their phishing tools, kit creators gain access to even more data, expanding their operations and potential profits.


Copycat phishing Telegram scam

While bots can enhance the effectiveness of phishing scams, they are not a necessary component of Telegram fraud, which can also be conducted in a more traditional way. Threat actors commonly craft replicas of authentic Telegram channels or use the identity of popular projects or crypto influencers to deceive potential victims. Some of these scams may be rather primitive, with mere attempts to adopt identities similar to their legitimate counterparts, while others meticulously replicate pinned posts. You may also come across a particularly elaborate fake Telegram account empowered by identity theft.

Although some of these channels might appear particularly similar to authentic ones, closer examination often reveals discrepancies, particularly in their names. Additionally, many such scam projects are designed to prevent users from engaging in chat conversations.

Similar to Telegram app scams conducted with the help of bots, these frauds often advertise enticing offers such as discounts, airdrops, rewards, contests, and flash sales, creating a sense of urgency to promote engagement. Admins of such channels, as well as their subscribers, often attempt to motivate potential users to click on suspicious links.

Fake cryptocurrency and NFT experts

While mimicking popular accounts is a preferred strategy widely used by Telegram scammers, not all threat actors choose this path. One of the favorite alternative options for Telegram crypto scammers is setting up an expert Telegram account that aims to appear as a legitimate source of information in the investment field.

Several scenarios exist for stealing money from potential victims through this strategy. Some scammers pretend to be knowledgeable specialists selling exclusive services that promise to turn cryptocurrency investors or traders into millionaires. Another popular strategy adopted by fake experts is cooperating with exit scam or honey pot projects, supporting their promotion.

Fake technical support specialists

Cryptocurrency exchange chat rooms are frequented by fraudsters with counterfeit accounts designed to mimic genuine platforms, closely monitoring user inquiries. They wait for unsuspecting users, particularly those with an urgent need for technical issue resolution, to appear in the chat.

At that point, criminals often send direct messages to these individuals, offering assistance in expediting responses from the technical support team. Unfortunately, they are likely to request personal information, putting users' funds at risk. Alternatively, a Telegram scammer's account may also distribute suspicious links to those seeking technical support.

Fake Web3 project insider Telegram account

The Telegram space is also filled with scammers pretending to be Web3 project insiders. Similar to fake cryptocurrency experts discussed earlier, these threat actors aim to impress potential victims with their supposed knowledge and create a false sense of a source of exclusive information. However, in this case, the "knowledge" is presented as insider information unavailable to anyone else except the fortunate Telegram users keeping in touch with the scammer.

This exclusive information is indeed unavailable on the company website or its official social media accounts, because it is simply not true. This strategy can facilitate phishing attacks and deliver malicious links, promote bogus projects, or manipulate market sentiment.

Telegram scams targeting high-profile cryptocurrency users

ICODA, a blockchain marketing company, reports a more advanced form of Telegram scam that lures potential victims with promises of lower rates for exchanging cryptocurrency. This strategy targets owners of substantial amounts of cryptocurrency or those actively engaged in trading, who are more likely to seek ways to reduce transaction fees.

VIP groups on the Telegram app

To gain contact with such users, criminals exploit their insider connections within exchanges. These criminals establish VIP Telegram groups, where, as per ICODA, potential victims are requested to "write a review evaluating the fee structure of the top coin exchanges, and they can also access an Excel file with a data comparison table."

However, the file that is supposed to contain a comparison table is actually a backdoor for malware, granting remote access to the victim’s device. The criminals' final target is credentials and seed phrases, which can be found by searching the device or by deploying spyware tools, such as keystroke recorders that capture details entered during online sign-in processes.

Scam victims on social media platforms
Source: Finance Magnates, FXStreet

Fake job offers and interviews

Telegram is also a common place for scammers attempting to deceive potential victims with fake job offers.

Criminals involved in job scams commonly masquerade as recruiters or employers, particularly targeting individuals seeking crypto-related employment opportunities. These criminals may spread malicious links under the guise of scheduling slots for interviews or aiming to steal personal information.

Others require upfront payments for supposed training materials or background checks, exploiting the eagerness of job seekers to secure employment.

Telegram scam account posed as a journalist

Similarly to offering fake employment opportunities, scammers often use Telegram to conduct fake journalist interviews. While the former targets people looking for jobs, particularly those less experienced and with an urgent need for employment, the latter is earmarked for Web3 influencers who are more likely to believe in receiving an invitation to participate in a journalist interview.

These scams often promise exposure or coverage in prominent publications within the crypto and blockchain space, enticing influencers with the prospect of gaining visibility and credibility. However, the real intentions of fake journalists are extracting personal information or committing financial fraud.


Pig-butchering scams

Love-bait scams also thrive on Telegram, where romance scammers manipulate the emotions of unsuspecting individuals seeking romantic connections. This phishing scam involves crafting elaborate personas, sometimes incorporating stolen identities, to provoke interest in forming relationships with targets. Such scams can take a substantial period of time, which has led to the term "pig-butchering."

Direct theft through love-bait scams on the Telegram app

Throughout the gradually growing relationship, criminals put effort into building trust with their victims. Once a strong emotional bond is established, they exploit the victim's vulnerability, often fabricating urgent financial needs or emergencies that can supposedly be satisfied by payments in cryptocurrencies.

Romance scams coupled with fake investment opportunities

Alternatively, Telegram scammers may subsequently move to discussions of investment topics, suggesting lucrative options to unsuspecting victims. True experts in the deceitful practice of romance scams will even take the step of making investments together with their target first to demonstrate the efficiency of the strategy they are advocating. However, despite any initial profits, unsuspecting Telegram users who get lured by the false sense of connection will inevitably lose their money once they invest substantial funds.

Telegram scams designed for identity theft

As a Telegram user, you should be aware that one of the primary objectives of fake Telegram channels and other scam strategies is identity theft. Identity theft, in turn, does not necessarily mean that someone is going to impersonate you. The theft of sensitive information such as bank account logins and other login credentials, credit card numbers, Social Security numbers, and session cookies all falls under the umbrella of identity theft.

However, high-profile cryptocurrency users can also become victims of the Telegram app scam aiming to gain login credentials to accounts on another social media platform or messaging app, which can be further abused for fraudulent schemes. With access to a social media platform account of a reputable crypto influencer, scammers can reach out to many more followers than in the case of creating lookalike accounts and trying to trick users to gain their trust first.

How to avoid Telegram crypto scams?

The multitude of opportunities scammers find on Telegram to deceive cryptocurrency users can feel overwhelming, making it especially difficult to ensure one's safety. However, several recommendations can at least slightly reduce your chances of being exploited by Telegram scammers.

1. Do not share personal information

It can be tough to differentiate between legitimate accounts and impersonators on Telegram. Regardless of the Telegram group you find yourself in, avoid sharing any personal information on this platform. Any requests for personal information or payments should raise red flags.

2. Configure your group invite settings

Limit invite options only to users who are already on your contact list. This significantly reduces the probability of joining a fake group.

3. Do not fall for unrealistic offers

Unrealistic offers, such as lucrative airdrops or guaranteed profits, are often bait for scammers seeking to exploit unsuspecting individuals. Remain skeptical and cautious.

4. Always verify admins' identities

Even in legitimate Web3 project Telegram groups, stay vigilant while interacting with admins. Scammers often masquerade as admins to deceive users into sharing personal information or clicking on malicious links.

5. Do not click on files from unknown users

The recent news about the vulnerability in the Windows desktop Telegram application, although already addressed, highlighted the potential dangers of clicking on files delivered through this platform.

The issue, stemming from a typo in the Telegram for Windows source code, allowed the execution of Python .pyzw files without triggering Telegram warnings. Consequently, executable files sent through Telegram would begin running upon clicking on them, provided their extension was not blacklisted by the app and the device had the necessary software to execute the file. Specifically, Python scripts could only be executed on machines with Python installed.

With all these conditions met, the file would be executed without issuing a warning. As mentioned above, Telegram has already resolved this issue. However, there remains a slight chance that a malicious script with an extension not blacklisted by the app may still run on your device. To mitigate this risk, stay vigilant about data shared through Telegram, which may be disguised as media files. Avoid rushing to click on them.
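The failure mode described above, a warn-list that silently misses an extension, is easier to see next to a default-deny check. The following is an added example, not Telegram's code: both lists, the transposed entry standing in for the typo, and the sample file names are constructed for illustration.

```python
import unicodedata

# Constructed for illustration: a short blocklist with a transposed entry
# ("pywz" where "pyzw" was meant) and a small allowlist of media types.
BLOCKLIST_WITH_TYPO = {"exe", "bat", "cmd", "scr", "py", "pyw", "pywz"}
MEDIA_ALLOWLIST = {"jpg", "jpeg", "png", "gif", "webp", "mp4", "mov", "mp3", "ogg"}


def effective_extension(filename: str) -> str:
    """Return the extension the OS will act on, lower-cased, or "" if none."""
    # Drop invisible format characters (Unicode category Cf), e.g. U+202E
    # right-to-left override, which makes "gpj.pyzw" display as "wzyp.jpg".
    visible = "".join(c for c in filename if unicodedata.category(c) != "Cf")
    # Windows ignores trailing dots and spaces when resolving a file name.
    visible = visible.rstrip(". ")
    base = visible.replace("\\", "/").rsplit("/", 1)[-1]
    if "." not in base:
        return ""
    return base.rsplit(".", 1)[1].lower()


def blocklist_warns(filename: str, blocklist=BLOCKLIST_WITH_TYPO) -> bool:
    """Default-allow: warn only when the extension is on the list."""
    return effective_extension(filename) in blocklist


def allowlist_warns(filename: str, allowlist=MEDIA_ALLOWLIST) -> bool:
    """Default-deny: warn unless the extension is a known media type."""
    return effective_extension(filename) not in allowlist


def triage(filenames):
    """Return (name, extension, blocklist verdict, allowlist verdict) rows."""
    return [(n, effective_extension(n), blocklist_warns(n), allowlist_warns(n))
            for n in filenames]


# Constructed sample attachment names.
SAMPLES = [
    "holiday.JPG",
    "clip.mp4.pyzw",         # media-looking name, Python zip-app extension
    "invoice.exe. ",         # trailing dot and space
    "photo\u202egpj.pyzw",   # right-to-left override hides the real ending
    "README",
]

if __name__ == "__main__":
    for row in triage(SAMPLES):
        print(row)
```

With the misspelled entry, the blocklist stays silent on every `.pyzw` sample, while the allowlist check warns on anything that is not a known media type.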

Scams on other messaging apps and social media platforms

While Telegram has been identified by Finance Magnates and FXStreet as the platform with the highest rate of scam attacks, the review also shows that it is Facebook where most survey participants (nearly 35.8% of 631 traders) encountered financial fraud. Despite Facebook scammers appearing to be less successful in stealing money from their potential victims, this platform outpaced Telegram by 4% in terms of the frequency of attacks, with 39.8% of participants reporting scam encounters on this social media app. Based on the research data, WhatsApp had an even lower rate of scams, with only 25% of reported scam attacks.

For Instagram, this figure equaled 21%, while for X (formerly Twitter), it was as low as only 11%. To many X users, this number may appear too small, as this platform is particularly occupied by scammers despite the efforts of its team to make it a safer place. However, it is essential to note that the results of the research should not be viewed as universal truths, as they may be influenced by the demographics, lifestyles, and preferences of the participants.

Further studies by Finance Magnates and FXStreet on the topic of financial scams on social media found that in their survey group, most traders who encountered fraud were foreign exchange (Forex) traders, whereas cryptocurrency traders were the minority. Nearly 78.6% of respondents claiming they were targeted by scammers were Forex traders, whereas only 20.1% of them traded either cryptocurrencies or stocks.

Interestingly, 35% of participants reported clone brokers and signal providers as the most frequently encountered financial fraud on social media platforms. Investment and Ponzi schemes were reported by 31% of surveyed traders, whereas 24% of respondents claimed they faced phishing emails or messages most often. Only 10% of traders stated that they encountered fake news most often.

The participants of the survey by Finance Magnates and FXStreet were also asked about the ways in which they usually identify a potential scam.

For most traders (35% of respondents), red flags in communication, particularly pressure tactics creating a feeling of urgency, were the most effective way to distinguish fraud. Requests for personal information, including credit card and bank details, were mentioned as the major warning sign for 20% of surveyed traders.

A slightly smaller group of traders (19%) stated that they preferred doing their own research, mainly based on external reviews or related forums. Meanwhile, 13% of users found it particularly suspicious when they were asked for cryptocurrency payments. Finally, the same number of respondents claimed that they found it difficult to identify scam attempts.

Finance Magnates also asked the participants what measures they would take if they fell victim to financial fraud. The largest group, 24.5 percent of respondents, would improve their online security measures. Another 20.7 percent would contact their bank or financial institution for assistance, while 17 percent would not act. Finance Magnates added that "Only 15.7 percent would go to law enforcement, while 5.7 percent would seek advice for legal action."

For the majority of the survey participants (42%), official regulatory websites constitute the primary source of information used to learn about online financial fraud. Nearly 38% of respondents use financial news or educational websites for this purpose, whereas 20% rely on social media and community forums.

Bottom line

Telegram scams, particularly those involving cryptocurrency, pose significant risks to users. Scammers have managed to steal funds from a majority of targeted individuals, as revealed by recent research. Phishing scams utilizing Telegram bots have become increasingly sophisticated, allowing scammers to automate their activities, lure victims into providing sensitive information, and expand their operations and potential profits by recruiting and training new scammers.

Since a significant number of targeted individuals have fallen victim to these fraudulent schemes, it is essential to exercise heightened caution when navigating the crypto space on Telegram and to stay informed about newly emerging scam techniques.