Telegram, the encrypted messaging app [7], has raised concerns among cybersecurity researchers due to its role in facilitating cybercrime [1] [2] [3] [4] [5] [6] [7]. Its lax moderation practices and accessibility have made it a platform for exchanging illegitimate tools and insights, enabling both experienced and new threat actors to launch phishing attacks.


Telegram has become a hub for cybercriminals [3] [4] [5] [6] [7], providing a platform for the open sharing of tools and knowledge related to cybercrime. The lack of strict moderation on Telegram allows cybercriminals to freely share tools and educate newcomers about phishing. Phishers take advantage of Telegram channels to advertise bots that can automatically create phishing pages, democratizing the phishing ecosystem [1] [4] [6]. The presence of disguised email messages on Telegram makes it difficult for recipients to detect malicious intent [2].

Telegram offers building blocks for constructing phishing campaigns [1], such as phishing kits and backdoor mailers [1], as well as expertly designed templates to make phishing emails appear authentic [1] [6]. It also hosts bulk datasets of valid email addresses and phone numbers [1] [3] [5] [6], which can be enriched with personal information to maximize the impact of phishing attacks [1]. Stolen credentials collected through phishing campaigns can be sold to other criminal groups for monetization [1].

Previously, activities related to cybercrime were limited to invite-only forums on the dark web. However, Telegram has made these activities accessible through public channels and groups. Telegram’s ease of access and low cost have made it possible for anyone [1], regardless of their prior knowledge or connections in the criminal underworld [1] [5], to start a significant phishing operation [1] [6].


Telegram’s role as a platform for cybercriminals has significant implications. It is crucial for site owners to secure their platforms and implement robust defenses to combat phishing attacks. The ease of access and low cost associated with Telegram have made cybercrime more accessible to inexperienced criminals. Mitigating these malicious activities requires proactive measures to prevent the misuse of platforms like Telegram. As cybercriminals continue to utilize Telegram for their malicious campaigns, it is important for cybersecurity researchers and law enforcement agencies to stay vigilant and adapt their strategies to counter these evolving threats.