A new scam that uses Telegram to steal contacts via is doing the rounds and people are warned to take note of this new scam.

Scammers are always on the lookout for means and ways on how to scam and trick people. The reasons for these scams are different and the sophistication of the scams differ as well. For some scammers getting a list of contact number from someone’s phone is enough. For others, it might be wanting full access and control of a victim’s phone. These are the more dangerous ones as they might have access to passwords and usernames if they manage to install and execute code on your phone. Imagine someone having access to your keyboard, this means every message you type the hacker will have access to. Not only messages, but usernames and passwords as well. Its a frightening thought honestly.

This means that as a smart phone user, you have to be on the lookout for potential ways and means that scammers will try to get you. In the past, there was a time when WhatsApp accounts were being hijacked by hackers. The hijack worked by convincing a victim to send them a WhatsApp pin (which is used to transfer ownership to a new number). Most unsuspecting users shared these pins with WhatsApp and promptly had their numbers hijacked. After the hijack, with full access to the victim WhatsApp, they would go through the phone book and send messages to unsuspecting users for hacking attempts. This worked very well because to the next victim, the name appeared as a known contact, lowering down people’s mental guards.

As this became prevalent, WhatsApp introduced 2 factor authentication (2FA) for WhatsApp accounts which was an additional pin that a user could set on their account. This meant that even if the hacker got the victim to send them the verification pin sent by WhatsApp, they couldn’t take over the account without knowing the 2FA pin. This almost stopped this kind of attack in its tracks.

However, there’s a new one that hackers are trying now, something someone tried with me recently. This hack uses Telegram and WhatsApp together to try and get your contacts list. The hack is done from WhatsApp with a view to get access to your contacts through Telegram. For this hack, if you dont have Telegram, this wont work. If you have Telegram, and you have set it up once and forgot it and never even used it, this will work. Some people tried Telegram just to see if there was any benefit in using it. When this happened, all your contacts were transferred to Telegram with potentially continued contacts upload. These are the contacts that the hackers are after.

This is how it can work

• You receive a WhatsApp message from an unknown number.
• However, this unknown number will have a familiar profile picture and even very familiar name
• The person says please save this number this is my new number
• Then the next thing, they ask you to send them a code sent to your phone
• Most people normally would not send this code if it has the words WhatsApp in it. However, in this case the message says Telegram
• If you don’t realise that you speaking to a hacker, you will give them the code thinking that you don’t use Telegram anymore
• The moment you give them the code, nothing happens in WhatsApp, and life goes on

However, in the background the hackers now have full access to your Telegram account including a list of all your contacts. It is these contacts that are then used for further social engineering attacks. If you had set a profile photo in Telegram they might be able to even steal your profile picture.