Greetings! In this note, I’ll give you some quick tips that will help you sleep better at night when using Telegram!

Photo by Dimitri Karastelev on Unsplash.

The lightweight chat client Telegram is one of the most common methods of communication in crypto, and there’s a good reason for that. This app is also frequently used for work and communication, so it stands to reason that scammers and hackers would also look for victims there.

Let’s figure out how not to be a victim! Let’s get started!

Basic Tips

Beware of impersonators (carefully check out Telegram bio as the scammer may insert any nickname to his bio and leave his own nickname blank), fake notifications about logging into Telegram (check out them carefully, they should come into the official telegram news & tips channel) with a phishing link, fake bots (yep, bots — not user accounts — may DM first) and so on!

NONE of the telegram chats are E2E encrypted not 1:1, not groups — only TLS. Only the secret chat one iirc.

Settings:

• Phone Number → Who can see my phone number — Nobody;

• Data and Storage → Auto Download Media → Toggle off;

• Phone Number → Who can find me by my number — My Contacts;

• Last Seen & Online → Who can see my timestamp — Nobody;

• Profile photo → Who can see my profile photo — My Contacts;

• Calls → Who can call me — My Contacts (or Nobody, if you prefer);

• Calls→ Peer-to-peer — My contacts (or Nobody, if you prefer not to share your IP address with chat partners);

• When you start the call, you will see four emojis at the top right corner — ask the person you are calling to name them and compare them to yours (they should be the same as yours). This is protection from MitM;

• Forwarded Messages → Who can add a link to my account when forwarding my messages — My Contacts;

• Never add contacts to Telegram (if there are any — erase them), and always use VPN;

• Groups & Channels → Who can add me — My Contacts;

• Set up a 2FA (cloud password);

• Set up a cloud email 2FA!;

• More about 2FA core.telegram.org/api/srp#email-verification & this;

• Disable sticker loop animation! Animated Stickers = danger;

• Disable auto-downloading (both wi-fi and cellular): Privacy & Security → Data Settings ❗️;

• Disable P2P calls for everyone as it may expose your IP! Same with secret chats! End-to-End encryption means thats your IP will become known the person you’re chatting with. And vice versa;

• Disable link & image previews in secret chats (scroll down in a Privacy and Security section;

• Disable autoplay GIFs;

• You can now buy Telegram Premium subscriptions (also — numbers & usernames) with TON: fragment.com/premium;

• Dutch Police Can Access Hidden Telegram Numbers - Use a burner number!

• Never activate (via /start) any telegram bot! Do not even touch telegram bots (only public chat bots are considered safe, you can operate them in a public chat via commands), never DM a Telegram bot! (any button can contain a SQLi vulnerability or even worse);

• If you have to open PDF (CV for example), use dangerzone.rocks or google drive preview regime (ask to upload);

• Watch out active session! Terminate inactive sessions! Watch out session stealers;

• If you receive a message about logging into your account — check that it is on a legitimate telegram notification & news channel. Scammers can impersonate this notification channel to force you to give them the OTR code from the SMS;

• Check out Telegram FAQ;

• To sign in to Telegram, use a different phone number — or even a virtual phone number — rather than your actual mobile number. However, if you use a one-time number, someone else may obtain access to your account. To conceal your IP address, use a VPN (which Telegram can provide, for example, at the request of law enforcement officials);

• Check out this list & follow Telegram Tips;

• It is necessary to have a separate secure device with an account-logged in application;

• It is necessary to regularly check the work of the application logged in to the account and the chat with service notifications. At least once every five days;

• The more devices logged into the account - the higher the risk of account compromise. Also, a logged-in device is a tool in ensuring the security of a Telegram account;

• This project describes Telegram limitations! | Link 2;

• Stay safe!

It appears that I’ve been banned… So, what should I do?

• Anyone can become a victim of mass-abusing. You should send a letter to abuse@telegram.org / contact support agent +42470 (add this phone to contacts);

• But also you should contact support which is located in your telegram settings — “Ask a Question”;

• Next, fill this form telegram.org/support;

• Also, this is a full list of emails: t.me/durovleaks/118;

• Automatically detect changes made to official Telegram sites, clients, etc.;

• If you’ve been restricted, then visit @SpamBot a click it through;

• If you have been scammed…

Support is very important to me, with it I can do what I love — educating users!

• Check out my GitHub

• Follow my Twitter

• Track all my activities

• All my Socials

• Join my TG channel

If you want to support my work, you can send me a donation to the address:

• 0xB25C5E8fA1E53eEb9bE3421C59F6A66B786ED77A or officercia.eth — ETH, BSC, Polygon, Optimism, Zk, Fantom, etc

• 17Ydx9m7vrhnx4XjZPuGPMqrhw3sDviNTU — BTC

• 4AhpUrDtfVSWZMJcRMJkZoPwDSdVG6puYBE3ajQABQo6T533cVvx5vJRc5fX7sktJe67mXu1CcDmr7orn1CrGrqsT3ptfds — Monero XMR

• t1Tixh34p5FK9pMV4VYKzggP6qPbUwUabxx — ZenCash ZEC

Stay safe!