Scammers and cybercriminals are only too happy to send you hacked premium versions of software in order to steal account credentials
During the year-end gifting season, cybercriminals often cash in on the trend by sending out fake subscriptions to social media platforms such as Telegram Premium.
People may receive a message — either within the free version of the app or in their email client — that appears to come from someone in their contact list, whose account may have been hacked. The message claims: “You’ve been sent a gift — a Telegram Premium subscription”. If the recipient falls for the phishing scam and enters login credentials on a subsequent phishing page, game over.
According to Olga Svistunova, Security Expert, Kaspersky: “Phishing schemes capitalizing on the Telegram Premium topic have been observed in several languages, suggesting that the perpetrators operate globally. Even if these scams haven’t yet reached a specific region, there is a probability they could eventually make their way there. Therefore, during the holiday season, it’s especially important to remain cautious and skeptical of (such) offers. Additionally, make sure your Telegram security and privacy settings are up to date, and your device has a robust security solution.”
Other phishing methods involving fake gifts/subscriptions include:
- Fake “giveaways”: Victims are lured into participating in some quiz or challenge, and after a series of activities, they are directed to a phishing site where they are prompted to enter their account credentials. Some scams even feature a QR code to appear more legitimate.
- Email invites: These contain some silly excuse to reward recipients with a free premium version of Telegram or other software. The email contains a ZIP archive that supposedly contains a version of the app. Users invariably end up on a phishing page where they are once again asked to log in to whatever account is linked to the scam.
- Free Android app APK files: Scammers will send victims links to download an APK file claimed to be a modified version of the gift app, which is actually malware that could steal credentials or do even more harm.
The usual protection against such phishing scams is to never follow any links to such dubious giveaway offers; to avoid entering any login credentials in response to unusual email or in-app invitations; and to activate multifactor authentication and other account protection features.