A new scheme has emerged in Telegram that aims to steal user accounts by targeting individuals rather than blasting a broad audience. This was reported by Izvestia in connection with the information security firm Jet Infosystems.
The attackers begin by researching a target’s social media footprint. They gather details from personal and professional life, such as education, employment history, hobbies, social circles, and daily habits. With this information, they seek to appear credible by reaching out as a friend or former colleague and invite the person to join a Telegram group under the pretense of soliciting help with online voting.
The group is crafted specifically for deception and is filled with fake members. The impersonator mirrors the target’s social tone, uses a real looking profile photo, and communicates in a familiar manner to build trust. Once the target is engaged, they are urged to click the 26vote27 button, which opens a phishing page that asks for a phone number and a confirmation code in an attempt to access Telegram under the banner of combating cheating. The moment those credentials are entered, scammers receive the data and seize control of the victims account.
When an account is compromised, the attackers can repurpose it for a range of harmful activities. They may send spam or phishing links to the victims contacts, attempt to harvest additional personal information, or demand extortion. In some cases, they can reset all active sessions, making it difficult or impossible for the rightful owner to regain access.
Cybersecurity experts note that this new method offers a higher chance of success than earlier schemes. By tailoring the approach to the individual and exploiting social trust, offenders can significantly increase the likelihood of cheating. The danger is particularly acute for channel administrators and influencers who manage large subscriber bases, as a compromised account can become a vehicle for disseminating malicious content at scale.
To reduce risk, users are advised to exercise caution with unfamiliar links and avoid sharing sensitive data with unknown parties. Limiting access to social profiles and avoiding posting personal details that could be exploited by scammers are practical safeguards. Being mindful of online connections and verifying requests before accepting them can also help protect accounts from this evolving threat.
In addition, it is prudent to review security settings on messaging apps, enable two-factor authentication where available, and monitor unusual login activity across devices. Keeping software up to date and using unique, strong passwords for different services further strengthens defenses against account takeovers.
Incidents of this nature illustrate a broader pattern observed by security researchers, including cases involving dating platforms where similar deception tactics have been used. The takeaway is clear: stay vigilant, verify requests, and maintain robust account protection across all popular channels.