The incidence of fraud attacks targeting Russians related to Telegram Premium rose by about 2.3 times in 2023 versus 2022, according to findings cited by the Izvestia newspaper, which referenced data from information security experts. The trend highlights a growing threat landscape around popular messaging features and the clever ways cybercriminals attempt to exploit user trust during transitions to paid service tiers.
For example, researchers noted that the number of phishing domains linked to Telegram Premium subscriptions in January of this year reached 21. By contrast, the entire month of January 2023 only saw nine such domains, according to Igor Bederov, who leads an information and analytics research department at a company called T.Hunter. The numbers illustrate a sharp escalation in the volume of malicious sites impersonating legitimate Telegram interfaces in a relatively short time frame.
Similar figures were presented by cybersecurity firms Bi.Zone and Solar, as well as by regional coordination centers covering RU/RF areas. The convergence of insights from multiple independent sources reinforces the reliability of the observed trend and underscores the breadth of this issue across platforms and regions.
Experts explain that attackers leverage social engineering strategies to lure users to counterfeit sites that replicate the Telegram Premium interface. On these fake pages, attackers seek to steal login credentials and other sensitive information. A common lure involves push notifications claiming that a Telegram Premium subscription is available or about to expire, prompting users to act quickly before thinking through the legitimacy of the request. This sense of urgency is a classic tactic designed to bypass careful scrutiny by prospective victims.
Analysts argue that several factors contributed to the uptick in these fraud attempts. The popularity of Telegram Premium as a sought‑after gift in certain markets has created a ripe target for scammers who want to capitalize on the excitement and social pressure surrounding exclusive features. In some cases, fraudulent campaigns piggyback on legitimate promotional tools or sweepstakes that promise free or discounted access to the premium tier, further blurring the lines between authentic offers and fraudulent ones. As scammers expand their playbooks, users encounter more sophisticated impersonations that mimic official Telegram interfaces, warning banners, and login flows, making careful verification essential wherever users encounter such prompts.
To reduce risk, security professionals advise a combination of user education and rigorous technical controls. Users should always verify the URL in the browser address bar, look for signs of legitimate Telegram activity such as verified account indicators, and prefer official app stores or direct in‑app prompts when considering any subscription changes. Enabling two‑factor authentication adds a solid layer of protection, while monitoring for unusual login locations and sudden changes in account behavior can help identify breaches early. Additionally, maintaining updated device security, avoiding clicks on unsolicited messages, and reporting suspicious activity to platform providers can meaningfully diminish the likelihood of falling prey to such schemes. Staying informed about the latest fraud patterns, such as new phishing domains or fake notification tactics, remains a key defense for users who rely on Telegram for daily communication and collaboration.