With the help of the popular messaging app Telegram, launching phishing attacks has become easier than ever for cybercriminals, regardless of previous experience.
Telegram and the rise of phishing
While primarily used to send private messages, Telegram also provides a way for users to post public messages to their channels, which can be viewed by others. With this feature, users can share or request information in a variety of ways – from standard link and video sharing, to livestreams and customized polls, similar to Facebook or Instagram.
And according to a new report published by cybersecurity firm Kaspersky, they can also use it to sell phishing kits to cybercriminals.
How it works
Kaspersky web content analyst Olga Svistunova recently shared:
“To promote their ‘goods,’ phishers create Telegram channels through which they educate their audience about phishing and entertain subscribers with polls like, ‘What type of personal data do you prefer?’”
Cybercriminals then share links to their Telegram channels on other social sites such as YouTube and GitHub to garner customers.
Interested parties can select from a variety of phishing kits, most of which include automated bots that can be commanded to perform multiple tasks to trick users into disclosing personal data – from generating phishing pages, to creating false one-time password requests. Most kits are sold for anything from $10 to $700, and some criminals even offer monthly subscriptions to “Phishing as a Service” (aka PhaaS) kits, which they claim will be updated on a regular basis. Other sellers have even gone so far as to share private user information on their own Telegram channels in order to show off their kits’ capabilities and lure in criminal hopefuls.
With the resources to commit cybercrimes en masse readily available, cybersecurity experts are concerned about the future of phishing attacks. Within the last year alone, the use of Telegram bots for phishing campaigns skyrocketed by 800%, thanks to their affordability and ease of use – and that number is only going to increase.
As Svistunova concluded:
“Wannabe phishers used to need to find a way onto the dark web, study the forums there, and do other things to get started. [Now that] malicious actors [have] migrated to Telegram and… share insights and knowledge, often for free, right there in the popular messaging service… the threshold to joining the phisher community [has been] lowered.”