Greetings! In this note, I’ll give you some quick tips that will help you sleep better at night when using Telegram!
The lightweight chat client Telegram is one of the most common methods of communication in crypto, and there’s a good reason for that. This app is also frequently used for work and communication, so it stands to reason that scammers and hackers would also look for victims there.
Let’s figure out how not to be a victim! Let’s get started!
Beware of impersonators (carefully check out Telegram bio as the scammer may insert any nickname to his bio and leave his own nickname blank), fake notifications about logging into Telegram (check out them carefully, they should come into the official telegram news & tips channel) with a phishing link, fake bots (yep, bots — not user accounts — may DM first) and so on!
NONE of the telegram chats are E2E encrypted not 1:1, not groups — only TLS. Only the secret chat one iirc.
Phone Number → Who can see my phone number — Nobody;
Data and Storage → Auto Download Media → Toggle off;
Phone Number → Who can find me by my number — My Contacts;
Last Seen & Online → Who can see my timestamp — Nobody;
Profile photo → Who can see my profile photo — My Contacts;
Calls → Who can call me — My Contacts (or Nobody, if you prefer);
Calls→ Peer-to-peer — My contacts (or Nobody, if you prefer not to share your IP address with chat partners);
When you start the call, you will see four emojis at the top right corner — ask the person you are calling to name them and compare them to yours (they should be the same as yours). This is protection from MitM;
Forwarded Messages → Who can add a link to my account when forwarding my messages — My Contacts;
Never add contacts to Telegram (if there are any — erase them), and always use VPN;
Groups & Channels → Who can add me — My Contacts;
Set up a 2FA (cloud password);
Set up a cloud email 2FA!;
Disable sticker loop animation! Animated Stickers = danger;
Disable auto-downloading (both wi-fi and cellular): Privacy & Security → Data Settings ❗️;
Disable link & image previews in secret chats (scroll down in a Privacy and Security section;
Never activate (via /start) any telegram bot! Do not even touch telegram bots (only public chat bots are considered safe, you can operate them in a public chat via commands), never DM a Telegram bot! (any button can contain a SQLi vulnerability or even worse);
If you have to open PDF (CV for example), use dangerzone.rocks or google drive preview regime (ask to upload);
If you receive a message about logging into your account — check that it is on a legitimate telegram notification & news channel. Scammers can impersonate this notification channel to force you to give them the OTR code from the SMS;
Check out Telegram FAQ;
To sign in to Telegram, use a different phone number — or even a virtual phone number — rather than your actual mobile number. However, if you use a one-time number, someone else may obtain access to your account. To conceal your IP address, use a VPN (which Telegram can provide, for example, at the request of law enforcement officials);
It is necessary to have a separate secure device with an account-logged in application;
It is necessary to regularly check the work of the application logged in to the account and the chat with service notifications. At least once every five days;
The more devices logged into the account - the higher the risk of account compromise. Also, a logged-in device is a tool in ensuring the security of a Telegram account;
Anyone can become a victim of mass-abusing. You should send a letter to email@example.com / contact support agent +42470 (add this phone to contacts);
But also you should contact support which is located in your telegram settings — “Ask a Question”;
Next, fill this form telegram.org/support;
Also, this is a full list of emails: t.me/durovleaks/118;
Automatically detect changes made to official Telegram sites, clients, etc.;
Support is very important to me, with it I can do what I love — educating users!
If you want to support my work, you can send me a donation to the address:
4AhpUrDtfVSWZMJcRMJkZoPwDSdVG6puYBE3ajQABQo6T533cVvx5vJRc5fX7sktJe67mXu1CcDmr7orn1CrGrqsT3ptfds — Monero XMR
t1Tixh34p5FK9pMV4VYKzggP6qPbUwUabxx — ZenCash ZEC