Billing itself as a fast and modern cloud-based messaging app, Telegram is a major competitor to Signal and WhatsApp, with more than 700 million active users. Privacy represents Telegram’s biggest draw. Users have the option of protecting their chats with end-to-end encryption and even setting messages to self-destruct.
Unfortunately, these privacy features add a layer of obfuscation to criminal transactions and activity, making both digital forensics and threat intelligence notoriously difficult; a recent study found Telegram is the preferred communication tool of cybercriminals for precisely this reason.
Moreover, Telegram’s encryption does little to address the security, regulatory, and liability risks your business could face if employees use the platform in violation of company policy. If you’re unprepared, you won’t even know your people are using Telegram in the first place. That’s the bad news.
The good news is that it is possible to mitigate Telegram’s risks — provided you understand those risks.
The Five Most Significant Business Problems Posed by Telegram
1. Safety-Free Digital Collaboration
Telegram makes it easy for your users to collaborate both internally and with third parties. It fully supports most communication methods with few restrictions, including phone calls, video and audio sharing, and text chat. Telegram chats that happen behind your security team’s back also happen without oversight or protection.
This means no data leak prevention, no malware scans, and no access control. Remember also that Telegram’s Secret Chat feature must be enabled. Users could well share confidential data without end-to-end encryption, putting it at risk of falling into the hands of unauthorized and unscrupulous third parties.
2. Anonymity for All
As befits an app that sells itself on privacy, Telegram requires next to no personally identifiable information from its users. Creating an account requires only a phone number, and users can connect and chat with one another by username alone. One need not even use their real first and last name during the on-boarding process.
With that said, Telegram does request certain permissions that give it access to personal data. On mobile devices, these include access to location, contacts, and files. Fortunately, Telegram functions perfectly well without these permissions—meaning you only share this data at your own discretion.
Telegram’s anonymity also makes it functionally impossible to find your employees on the platform if they don’t want to be found, especially when you consider the platform’s end-to-end encryption.
3. Encryption Isn’t the Safety Net You Think
Telegram heavily markets its end-to-end encryption, emphasizing that it keeps user data safe and secure. Chats, files, and posts are only accessible to authorized parties, encrypted by private keys stored on the user’s device. Not even the platform’s developer can view private data or messages.
This means that activity on Telegram may potentially be shielded from everyone. It also means that Telegram effectively masks scams, criminal activity, and fraudulent sites from both security solutions and law enforcement. Unfortunately, there’s no direct way to address this issue — even if Telegram could provide unauthorized access to its encryption keys, there’s no way it ever would.
Doing so would fundamentally break the platform’s security.
4. Criminal Coordination
Telegram supports groups and channels of up to 20,000 users—referred to by the app as Super Groups. This makes Telegram quite well suited for company-wide broadcasts and conversations. It also means that Telegram is an ideal choice for anyone who wants to get around an organization’s glacial communications pipeline.
Unfortunately, this feature combined with Telegram’s anonymity means it’s the perfect place for threat actors to organize, collaborate, and coordinate with one another. It has even begun to supplant the dark web as the preferred marketplace for scams, malware, and stolen data and credentials. Fortunately, while many threat actors leverage secret chats to support their illicit activities, many of their most prominent forums on Telegram are public.
There are multiple Telegram channels on which criminals can buy and sell malware, conscript one another’s services, share/sell access to sensitive data or assets, and discuss tactics, techniques, and procedures. Each of these channels leaves its own trail of digital breadcrumbs one can use to identify, monitor, and mitigate threats. As such, organizations with the required resources now leverage these channels for threat intelligence — it’s how Microsoft was able to fend off an attack by ransomware gang LAPSUS$.
Sadly, most businesses don’t have that kind of reach, meaning they’ve little choice but to fly blind.
Fraud is another major problem with Telegram, and one that runs rampant.
Diligent scammers leverage a combination of public information and stolen assets to pose as legitimate organizations, creating fraudulent channels and groups designed to dupe customers in a multitude of ways. These lookalikes are often convincing enough that they’re indistinguishable from the genuine articles at a glance. They frequently even act as forums for actual discussions about a product, business, or brand.
People often don’t realize anything is amiss until the scammers begin hooking unsuspecting victims. Sometimes, that involves stealing personal information and financial data. In other cases, it involves the sale of counterfeit products billed as authentic — or else marketed as cheaper alternatives.
Some threat actors are also taking advantage of Telegram’s Bot feature to cast an even wider phishing net, leveraging the platform’s own AI to imitate customer support professionals from legitimate companies on a massive scale.
Left unchecked, these activities all have the potential to considerably damage your company’s reputation.
How To Protect Against Telegram Scams
There’s no denying that Telegram is an attractive app for business users exhausted by cumbersome IT controls and bottlenecked solution pipelines. Unfortunately, there’s also no denying that it’s a valuable tool for threat actors looking to expand their reach while streamlining their criminal activities. The platform is a double-edged sword in every sense of the word.
Here are three steps to build education and ensure good security posture of employees on Telegram:
- Make sure that all employees who use the app are aware of the potential risks and have been trained on how to identify and avoid scams and other forms of criminal activity on the app. This can help to prevent employees from falling victim to scams and other types of attacks.
- Always protect your organization by enforcing the use Telegram’s built-in security features. For example, you can enable two-factor authentication for all employee accounts, which will add an extra layer of protection to prevent unauthorized access. You can also use the “Passcode Lock” feature to add a passcode to the app, which will prevent anyone from accessing the app without knowing the passcode.
- Turn on the “Privacy and Security” settings to control who can see your employees’ online status, and to block or report users who are acting suspiciously. This can help to prevent your employees from being targeted by criminals who are using Telegram to target specific organizations.
Taking Down Scams on Telegram
Encrypted messaging apps like Telegram use a form of encryption to encode messages in a way that makes them unreadable to anyone who does not have the key to decode them. This means that even Telegram is unable to read the messages that are sent through their app. This is done to protect the privacy of the users and to prevent anyone from being able to access the contents of their messages without their permission.
As one can imagine, no vendor can read or takedown malicious content on encrypted channels in Telegram. However, due to the proximity to criminal activity, much of that bleeds over to public forums, groups, and channels on Telegram and is a important area to monitor for any kind of malicious activity against your brand.
Education and enforcing se, as previously mentioned, is insufficient unless it’s supported by the proper security controls and supporting security infrastructure. Where Telegram is concerned, that means deploying a digital risk protection.
Bolster is the only solution on the market that is able to accurately detect scams and take them down on Telegram. Bolster’s automated digital risk protection platform detects, analyzes, and takes down malicious content across the public channels and due to the close technology partnership.
The longer a fraudulent site stays online, the more loss to the business and risk to your organization. Fraudulent accounts on Telegram put your employees and consumers at risk. Legacy online brand protection services that rely on blacklists of known bad forums on Telegram and human analysis of suspected sites cannot match Bolster’s speed, scale, and accuracy. Issues with jurisdiction, verification, and quality of reporting data are the reasons why most fraudulent site removals take an average of 10 to 12 days without Bolster.
With Bolster’s relationship with Telegram, you can achieve a seamless detection and takedown of fraudulent activity on Telegram, reducing the overall risk exposure for your brand.
Request a demo to learn how we can help your organization detect scams and take them down on Telegram.