Security News > 2022 > June > Telegram’s blogging platform abused in phishing attacks
Telegram's anonymous blogging platform, Telegraph, is being actively exploited by phishing actors who take advantage of the platform's lax policies to set up interim landing pages that lead to the theft of account credentials.
Telegraph is a blogging platform that lets anyone publish anything without creating an account or providing any identification details.
According to a report by INKY shared with Bleeping Computer before publication, phishing actors use Telegraph extensively to create phishing sites that look like website landing pages or login portals.
INKY's data from the end of 2019 until May 2022 shows that the inclusion of Telegraph links in phishing emails has been going through a steep rise recently, as over 90% of all detections occurred this year.
The phishing email delivery rates are excellent because these links are hosted on Telegraph, a platform not marked as dangerous or suspicious by any email security solutions.
In many cases, INKY noticed that the phishing emails came from hijacked email accounts, so blocklists on known scam addresses were bypassed.
News URL
Related news
- Phishing platform 'Lucid' behind wave of iOS, Android SMS attacks (source)
- iOS devices face twice the phishing attacks of Android (source)
- Windows NTLM hash leak flaw exploited in phishing attacks on governments (source)
- Three Reasons Why the Browser is Best for Stopping Phishing Attacks (source)
- Phishing detection is broken: Why most attacks feel like a zero day (source)
- DPRK Hackers Steal $137M from TRON Users in Single-Day Phishing Attack (source)
- Low-tech phishing attacks are gaining ground (source)
- MintsLoader Drops GhostWeaver via Phishing, ClickFix — Uses DGA, TLS for Stealth Attacks (source)
- Focused Phishing: Attack Targets Victims With Trusted Sites and Live Validation (source)
- CTM360 Identifies Surge in Phishing Attacks Targeting Meta Business Users (source)