Telegram scam targets Telegram users with fake photo-bot lure, warns security experts

Russian users of Telegram are being targeted by a fresh scam that masquerades as a feature to help find candid photos of friends and acquaintances. The message circulating through several channels claims to offer a bot that scans social traces for private images, drawing people in with the promise of uncovering personal moments. Reports on the tactic point to it as a phishing-driven lure rather than a legitimate service, with the aim of capturing login details and access to Telegram accounts. Experts describe this as a repeatable script: a convincing prompt, a call to action, and a believable justification for why sensitive material might be discovered. The core idea remains the same across variants, while the specific bait changes to fit different scenarios that might appeal to a broad audience. A key risk is that users are redirected to phishing pages that imitate legitimate login screens, and the supposed portal often asks for credentials under the pretense of gaining entry to an enhanced or adult version of Telegram. Security researchers highlight that the attackers exploit a familiar pattern to lower suspicion and increase the likelihood of successful data entry. A content analyst from Kaspersky Lab notes that the fraudsters frequently reuse the same type of fake authorization page, only swapping the story just enough to keep the scam looking fresh. The script typically presents two options: a search for private photographs tied to the individual or a sensational story about an online detective bot that supposedly aggregates incriminating or alluring material from the web. The promise of finding private images acts as the hook, while the realistic login prompt provides the means to steal credentials. In several observed variants, victims are invited to log into the system through Telegram first, then encounter a verification step that asks for a confirmation code. Entering that code on the fraudulent site hands control of the attacker over to the criminals, who can then access the user’s Telegram account and potentially other connected services. The overall tactic relies on a mix of familiarity, curiosity, and fear of missing out to persuade victims to proceed. In testing environments and public advisories, security teams stress that legitimate services never request password details or codes via third-party pages, and they advise users to verify the authenticity of any prompt before submitting sensitive information. Similar scams have appeared in different markets, with attackers adapting their storytelling to match local expectations. Reports from various security outlets indicate that these schemes shift with market conditions and user behavior, always returning to the same fundamental vulnerability: social engineering coupled with fake interfaces designed to capture credentials. The recommended defense is vigilance: never trust a prompt that asks for a password or a code, especially when the source appears unusual or asks for private content. Users should enable two-factor authentication, review active sessions regularly, and be cautious about any link that seems to promise access to personal photos or private material. When in doubt, it is prudent to pause, verify the source, and seek guidance from trusted security advisories. The pattern is not unique to one region; it reflects a broader tactic that cybersecurity professionals monitor across North American and European markets as well. Clear, repeated messages from security researchers emphasize that authentic platforms will never pressure users to divulge credentials through a separate page or bot. By staying informed and adopting basic protective habits, Telegram users can minimize risk while continuing to enjoy a connected experience. Attribution for the behavioral patterns and technical observations comes from Kaspersky Lab analysts and security researchers who track phishing ecosystems and social-engineering campaigns on messaging platforms. These insights help illustrate how fraudsters adapt their stories while maintaining the same risky core: credential theft through deceptive interfaces and manipulated prompts.