Telegram marketplace scam: Where data thieves do business

January 28th · 9 min read

Rotem Tal - Senior Cybersecurity Expert |Writer & Editor|
Rotem Tal - Senior Cybersecurity Expert |Writer & Editor|

The Telegram phishing market uncovered

Nowadays, instant messaging platforms like WhatsApp, Telegram, and Facebook Messenger have become one of the central pillars of daily communications. They’re free, easy, and gif-filled fun. Be honest - it’s sometimes so much easier to send a message than actually have to have a conversation with someone… Ugh!

But, as super convenient as they are, some apps also come with a dark side that most people are unaware of. Ambitious criminals have figured out how to exploit the community nature of these apps, setting up marketplaces for the trading of stolen information and online scam kits. Yeah - you read that right. It seems the combination of easy communication and opportunity creates an ideal environment for finding new ways to scam good people out of their hard-earned cash.

Today, we're going to pull back the curtain on how easy it is to build an online phishing scam – something you never get to see (at least we hope you never get to see!). We'll expose the disturbing ease with which hackers can steal, con, defraud, and cheat, shedding light on the sophisticated tactics they employ.

And why exactly are we going to take you on this wild ride?

First off, let’s be honest, getting scammed online is a nightmare. It costs money, it takes up time, and it’s pretty scary, intrusive, and downright embarrassing. Here at Guardio, we see a lot of online scams - like, A LOT. We have an entire department that examines them to understand how they’re constructed, and we find it super interesting. Again - this is kind of what we do! - understanding and neutralizing scams.

And second, because we’re committed to online safety and believe that if you know more about scams - what they look like, how easy they are to set up - maybe you’ll be able to spot them better. If you’re using Guardio, then hey, no worries, you're already safe. If you don’t, you’re definitely going to reconsider after reading this article.

The focus of this article will be to show you how a hacker can literally “buy” a ready-made phishing scam via Telegram, set it up, and start earning. We’ll keep it as non-technical as possible. Ready? Let’s go!

Secure your online presence

Empower your digital safety against Telegram scams and other online threats with Guardio!

Telegram app

What’s Telegram?

Telegram is a cloud-based messaging app, widely known for its speed, security, and very tight privacy. On the surface, this all sounds great, right? Well, not exactly. Sadly, scammers have taken advantage of the platform and are using it to trade and sell stolen information, scam kits (yes, they exist - more about them later), counterfeit websites, and even illicit substances. You name it, and you’ll probably be able to get it on Telegram. It's a digital marketplace where, unfortunately, almost anything can be sourced. But wait, what’s a digital marketplace? We’re glad you asked!

Digital marketplaces

Unlike traditional marketplaces, where you would go to a physical store or market to buy your goods, in digital marketplaces, everything happens online. Digital marketplaces can be found on websites or mobile apps, and they connect sellers with buyers from all over the world. The evolution to digital marketplaces is amazing - offering convenience, connecting buyers and sellers from across the globe, and providing a diverse array of goods and services that were once only limited to local or specialized markets.

However, on platforms like Telegram, some groups and channels have evolved into informal, unregulated digital marketplaces, and we're not talking about online shopping sites like Amazon. These marketplaces specialize in trading stolen data, items, and services that were once the exclusive domain of the dark web. These dark markets take the convenience and anonymity praised in modern digital communication and twist them for illegal purposes.

Complex scamming operations

A few months back, the Guardio Labs team was investigating a Facebook phishing campaign nicknamed “MrTonyScam.” This led them to a large, sprawling network of Telegram channels actively being used as marketplaces for selling hijacked social media accounts, phishing websites, and scam kits. To clarify, Telegram is not an illegal marketplace, it’s simply a messaging app that’s being taken advantage of by scammers to trade stolen information. And this misuse of Telegram by scammers for their nefarious activities is, to put it mildly, quite alarming. What's more concerning is the startling ease of finding and accessing these scam kits on Telegram.

Take a look at this example of Telegram channels offering “VIP” courses and training for potential scammers.

Telegram channel

From manuals on how to create a scam page to exclusive VIP phishing scam packages, any one of these channels offers an array of “educational” resources for criminals. YES, you can find it all on Telegram, and it’s super easy for scammers to start a full-blown phishing attack just by using the resources found in these channels. That’s part of the reason that data breaches, phishing attacks, and other cyber crimes are on the news all the time - because they’re so easy to make. And cybercriminals are working overtime to create them.

If you’ve got Guardio on your devices, then you can breathe easy, you’re fully protected. Even if scammers send one of these phishing emails or a text with a dangerous link your way, Guardio will alert you and block it. Phew.

Detecting online scams can be tricky, but it does not have to be!

Guardio will do all the detecting for you, blocking any online threats that come your way.

Exploring a scam operation, step by step

So, just how easy is it to buy and create a phishing scam on Telegram? Well, it’s pretty easy… To launch a phishing attack, scammers first create a fake web page, a.k.a. "scampage" and then find hosting for it. They then spread the scam via targeted emails. Lastly, they seek ways to profit from their deceitful actions. Surprisingly, all these components and more are readily available on the dark side of Telegram, often inexpensively or free.

Step #1 The “scampage”

Telegram’s channels used as a marketplace for scammers offer an extensive array of pre-made scampages adaptable to a wide range of brands. From financial institutions and social media networks to cryptocurrency services and even local pizza shops, Telegram has it all, and it’s incredibly easy to access.

Telegram market place Scampages offered for known brands worldwide

Take this Bank of America scampage (image below). To the unsuspecting eye, this site looks totally legit, but actually, it’s not only fake but also designed to capture unsuspecting people’s login details and send that information right back to the scammers.

Bank of America Fake scam page A “Bank Of America” themed scampage (Phishing website)

Scampages come loaded with advanced features, including the ability to bypass two-factor authentication (2FA) or one-time passwords (OTP), anti-bot systems, and anti-scanning technology. The pages also have a feature to send the stolen data back anonymously via Telegram. Put simply, these pages have the ability to dodge security features, steal info, and send it back directly to the scammer. The cost? Scampages can start at about $10 for basic versions, and for the more sophisticated pages that include real-time account hijacking, the prices can climb to hundreds of dollars.

 Bank of America scampage The Bank of America scampage

Step #2 The right messaging

Phishing emails, or "Letters," as they’re dubbed in the scamming community, need to seem legit, professional, and authentic, often matching the look of the scampage to fool people into believing they are genuine communication from real organizations like banks. If the scammer is lucky enough or pays the right amount, they can get scampages that come with a "Letter" matching the scampage - ready to use.

Step #3 Finding victims

For the scam to really hit home, scammers focus on getting the right 'leads' – think of these as the perfect crowd to pitch their scam to. They're not just shooting in the dark, these lists often include not just emails, but names, phone numbers, and sometimes even social security numbers, helping make the scam seem more personal and convincing. It's this tailor-made approach that really ups the game, making the scam way more convincing. Often, scammers buy these detailed lists from scammers on platforms like Telegram, where they find exactly the kind of people who are more likely to fall for their tricks.

Scam kits

The steps for executing online scams we've just discussed might seem daunting, but they're actually quite accessible through 'scam kits'. These kits, often found on Telegram channels taken over by scammers, bundle all the necessary tools into a single package. They make it easy for even those with limited tech skills to orchestrate scams, providing everything from phishing sites to email scripts. The convenience of scam kits simplifies the whole scamming process, turning what might seem like a complex operation into something much more manageable.

Types of Telegram scams to look out for

By this point, you've probably got the lowdown on how scammers use platforms like Telegram to orchestrate their deceitful activities. They utilize Telegram not as the fishing spot for their scams but as a tackle box to gather information and craft sophisticated phishing kits to execute elsewhere. In these deceptive phishing expeditions, the bait comes in the form of too-good-to-be-true investments or tales from your long-lost uncle with a sudden financial crisis - their ultimate goal? To drain your wallet. Here’s an overview of the types of scams these cybercriminals prepare by leveraging information collected through Telegram:

  • Investment scams: "Turn $100 into $1000 overnight!" Sounds too good to be true? That's because it is. These scams lure you with promises of massive returns on investments in crypto or other ventures.

  • Impersonation scams: Suddenly, someone claiming to be a friend or a relative is in dire need, and only you can help by sending money. Spoiler alert: It's not them.

  • Lottery scams: Congratulations, you've won a lottery you don't remember entering! To claim your prize, just pay a small fee. And just like that, the only prize you receive is a lesson in gullibility.

  • Fake merchandise sales: Selling high-demand goods at incredibly low prices, these scammers disappear into the ether once you've paid, leaving you waiting for a delivery that will never arrive.

  • Phishing links: Click here to verify your account! Except the only thing verified is the scammer's access to your personal information after you've clicked on their malicious link.

With all the sketchy scams floating around on Telegram, it's like navigating a minefield blindfolded. But here's the good news: a dash of skepticism and a solid shield of Guardio protection can turn you into a scam-dodging ninja, keeping those pesky scammers away.

The bottom line

As you can see, starting a phishing operation can be surprisingly easy and cheap, meaning anyone could potentially do it, even without deep criminal connections. Platforms like Telegram have lowered the barrier to entry for cybercriminals, offering tools and resources for phishing at little to no cost. Anyone with basic internet knowledge can find what they need to launch a phishing scam.

As phishing campaigns become cheaper and easier to start, it's increasingly important for you to have strong digital protection like Guardio. Guardio’s browser extension helps you by blocking dangerous sites and alerting you to phishing emails and other threats. Plus, the Guardio mobile app keeps you safe from SMS phishing attempts and blocks sketchy websites, ensuring your security wherever you are. If you haven't tried Guardio yet, there's a free 7-day trial available. You can choose to keep it or cancel anytime, no strings attached. Stay safe, secure, and smart.

Can you tell if an email or website are real or fake?

With Guardio, you don’t need have to - It’ll block any online threats that come your way.

Be the first to know!

Subscribe to our exclusive mailing list and get the freshest stories from the Guardio team

You may also like