Security News > 2022 > June > Telegram’s blogging platform abused in phishing attacks
Telegram's anonymous blogging platform, Telegraph, is being actively exploited by phishing actors who take advantage of the platform's lax policies to set up interim landing pages that lead to the theft of account credentials.
Telegraph is a blogging platform that lets anyone publish anything without creating an account or providing any identification details.
According to a report by INKY shared with Bleeping Computer before publication, phishing actors use Telegraph extensively to create phishing sites that look like website landing pages or login portals.
INKY's data from the end of 2019 until May 2022 shows that the inclusion of Telegraph links in phishing emails has been going through a steep rise recently, as over 90% of all detections occurred this year.
The phishing email delivery rates are excellent because these links are hosted on Telegraph, a platform not marked as dangerous or suspicious by any email security solutions.
In many cases, INKY noticed that the phishing emails came from hijacked email accounts, so blocklists on known scam addresses were bypassed.
News URL
Related news
- GitHub, Telegram Bots, and ASCII QR Codes Abused in New Wave of Phishing Attacks (source)
- Australian Organisations Targeted by Phishing Attacks Disguised as Atlassian (source)
- Free Sniper Dz Phishing Tools Fuel 140,000+ Cyber Attacks Targeting User Credentials (source)
- DOJ, Microsoft seize 107 domains used in Russia's Star Blizzard phishing attacks (source)
- Astaroth Banking Malware Resurfaces in Brazil via Spear-Phishing Attack (source)
- Midnight Blizzard Escalates Spear-Phishing Attacks On Over 100 Organizations (source)
- Windows infected with backdoored Linux VMs in new phishing attacks (source)