Cybercriminals are taking advantage of the messaging platform Telegram by creating channels and groups where training and commerce can both take place freely. We’ve long known the dark web as the shadowy back corner of the Internet where cybercriminals go to do business. But now we’re seeing the marketplaces frequented by threat actors shift to the open web. One of the latest examples is the continued misuse of Telegram.
The latest iteration of this misuse is Telegram’s use as a marketplace. According to security researchers at Guard.io, Telegram channels and groups are becoming a central repository for everything from training courses to malicious tools and services for sale. In the article, Guard.io shows a very practical scenario of a cybercriminal wanting to launch a phishing campaign. They walk through how they are able to find and negotiate pricing on all the tools, data sets and services necessary to impersonate a national bank and potentially scam customers, all for just $230. It’s quite fascinating.
The Rise of Telegram’s Dark Markets
Telegram’s encrypted messaging and its ability to host large groups have made it an attractive platform for scammers. Dark markets have emerged on the platform, where scammers can buy and sell stolen data, phishing kits, and other tools of their trade. These dark markets operate in private groups and channels, often hidden from public view.
The rise of these dark markets on Telegram has made it easier for scammers to operate and has facilitated the spread of phishing and other fraudulent activities. It is important for users to be aware of the risks and to take steps to protect themselves.
How Scammers Operate on Telegram
On Telegram’s dark markets, scammers have access to a wide range of resources that they can use to carry out their fraudulent activities. These resources include stolen data, phishing kits, and other tools that can be used to impersonate legitimate businesses or organizations. For example, a scammer might purchase a phishing kit that allows them to create a fake login page for a popular online service. They can then use this fake login page to trick users into entering their login credentials, which the scammer can then use to access the user’s account.
Some of the reported groups that have been cited as distributing these resources include “Carding Area,” “Black Markets,” and “Dark Jobs.” These groups offer a wide range of illicit goods and services, from stolen credit card information to fake passports. By purchasing these resources, scammers can more easily carry out their fraudulent activities and trick unsuspecting users.
The Impact of Telegram’s Dark Markets
The rise of dark markets on Telegram has had a significant impact on the security of its users. Scammers have been able to steal sensitive information, such as credit card numbers and login credentials, and use it for fraudulent purposes. One way that scammers can use the resources available on Telegram’s dark markets to execute a phishing campaign is by purchasing a phishing kit that allows them to create a fake login page for a popular online service.
For example, a scammer might purchase a phishing kit that allows them to create a fake login page for a bank. They can then use this fake login page to trick users into entering their login credentials, which the scammer can then use to access the user’s bank account. The scammer might send an email to the user, pretending to be from the bank, and asking the user to log in to their account to verify their information. The email would contain a link to the fake login page, which would look identical to the real login page of the bank. Once the user enters their login credentials, the scammer would have access to their account and could steal their money.
These phishing kits need web hosts and email servers to operate, so they often rely on hacked websites to send the phishing messages and host the fake login page. Using these Telegram marketplaces, a scammer might purchase access to a hacked website and use it to send phishing emails that appear to come from a legitimate source. This makes it even more important for website owners to protect their sites from being hacked.
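For site owners, one way to check whether a WordPress document root is already hosting such a fake login page is to sweep it for files that should not be there. The script below is an added example, not part of the original article or the Guard.io research; its heuristics (PHP files under wp-content/uploads, password forms outside wp-login.php, calls to mail()) and the sample file tree are assumptions constructed for illustration.

```python
import os
import re
import tempfile

# Heuristics are assumptions of this example, not rules from the article.
PASSWORD_FIELD = re.compile(rb'type\s*=\s*["\']?password', re.I)
MAIL_CALL = re.compile(rb'\bmail\s*\(', re.I)
EXPECTED_LOGIN = {"wp-login.php"}   # WordPress's own login form
WEB_EXT = (".php", ".phtml", ".html", ".htm")

def audit_docroot(docroot):
    """Return sorted (relative_path, reason) findings for a WordPress tree."""
    findings = []
    for dirpath, _dirs, files in os.walk(docroot):
        for name in files:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, docroot).replace(os.sep, "/")
            lower = name.lower()
            # The uploads directory holds media; server-side code is unexpected.
            if rel.startswith("wp-content/uploads/") and lower.endswith((".php", ".phtml")):
                findings.append((rel, "PHP file in uploads directory"))
                continue
            if not lower.endswith(WEB_EXT) or name in EXPECTED_LOGIN:
                continue
            with open(full, "rb") as fh:
                data = fh.read(1_000_000)   # cap the read on very large files
            if PASSWORD_FIELD.search(data):
                reason = "password form outside wp-login.php"
                if MAIL_CALL.search(data):
                    reason += " that also calls mail()"
                findings.append((rel, reason))
    return sorted(findings)

def build_sample_site(root):
    """Constructed sample tree: two clean files and three planted ones."""
    samples = {
        "index.php": b"<?php require 'wp-blog-header.php';",
        "wp-login.php": b'<input type="password" name="pwd">',
        "wp-content/uploads/2024/01/img.php": b"<?php echo 1;",
        "secure/login.html": b'<form><input type="password"></form>',
        "secure/post.php": b"<input type=password><?php mail($to,$s,$b);",
    }
    for rel, body in samples.items():
        path = os.path.join(root, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "wb") as fh:
            fh.write(body)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as site:
        build_sample_site(site)
        for rel, reason in audit_docroot(site):
            print(f"{rel}: {reason}")
```

On a real site the output is a review list rather than a verdict: wp-admin pages and some plugins legitimately render password fields, so each hit needs a look before anything is deleted.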
Two Strategies to Protect Your Organization
As you might have figured out already, phishing attacks need access to email servers and web servers to be successful. And you probably aren’t going to see these actors sign up for their own hosting and email services to launch their attack. One very attractive target that can meet these needs is a WordPress website. WordPress is well documented and is the most popular Content Management System (CMS) on the web. There are so many improperly operated WordPress sites with documented vulnerabilities out there that it doesn’t take much effort to find a target. Hackers can use any number of resources, such as email addresses, password dictionaries, password breaches, and scripted bots, to launch attacks against your site.
If your organization’s website runs on WordPress, it’s more important than ever to protect it from cyberattacks. This is a big reason why Inacom developed our Managed WordPress service. We provide a secure web hosting environment, audit your website during onboarding, and ensure your core and plugin updates are regularly applied. We also provide a Web Application Firewall at the server and application level to protect your site from cyber threats. By using a managed WordPress service, you can reduce the risk of your website being hacked and used to facilitate phishing attacks. We’re so confident in our ability to secure your site that our Managed clients receive free restoration and remediation services if their site is ever hacked.
Another important strategy to protect your organization is Security Awareness Training. A vast majority of cyberthreats require the willing (though perhaps unwitting) participation of users to be successful. A formal training program will help your employees recognize and avoid cyberthreats.
Conclusion
The availability of these resources on Telegram’s dark markets makes it easier for less sophisticated actors to carry out phishing attacks. By purchasing them, even inexperienced scammers can execute a phishing campaign with relative ease. For more professional scammers, the availability of these resources can make their attacks cheaper and more efficient. Expect the velocity and sophistication of phishing and malware attacks to increase over time as the marketplace for these types of tools continues to expand. Be sure to protect your online presence and implement a training program to avoid becoming a victim of these widely distributed hacking tools. If you need help, our Cybersecurity Professionals can design programs and services as a part of our Managed Services program.