Phishing services

Telegram Phishing Services: The Latest Trend In Online Crime

Cybercriminals have already turned Telegram into their Phishing services marketplace, says Kaspersky.

Recent research by Kaspersky has revealed that 2.5 million malicious URLs generated by phishing kits were detected in the last six months.

This is the result of increased Phishing services provided on Telegram, making it easier for anyone to become a phisher.

Here we’ll take a closer look at these services and explore how Telegram has become a hub for the phishing economy.

Phishing Services

We all are familiar with the idea of free and premium tools right? Free tools offer fairly usable features while the premium version gets you the most advanced ones.

Just like that, Cybercriminals are now offering both free and paid phishing services to their aspiring phishers!

Free Phishing Services:

Kaspersky discovered the following free phishing services provided on Telegram:

  • Phishing scams with Telegram bots: Phishers are now providing Telegram bots to automate the process of creating phishing pages and gathering user data.
Phishing services
Login page generated by phishing bot
  • Free phishing kits: Threat actors distribute ready-to-use free phishing kits that target a wide range of global and local brands.
phishing services
Contents in free phishing kits
  • Stolen Users data: Phishers also share stolen user personal data in order to attract new phishers to try their hand at phishing.
phishing services
free Stolen user data

Paid Services:

Here’s a list of paid phishing services

  • Paid phishing pages: Advanced features such as anti-detection systems, geoblocking, and URL encryption are included in “premium” phishing and scam pages.
Phishing services
description of paid phishing page features
  • Paid User Data: Another paid category is the sale of personal data with bank account credentials. This data is advertised at different rates depending on the bank balance of the victim.
phishing services
Paid user data for sale
  • Phishing-as-a-service: Long-term services need a subscription to access tools with technical support for the anti-detection systems provided.
  • OTP bots: To hack Two-Factor-Authentication, OTP bots can be purchased on a weekly or monthly subscription basis, or pay-per-minute prepaid basis with additional rewards for sharing victims’ data.
phishing services
description of paid OTP bot functionalities

Even though phishers attempt to avoid detection, Kaspersky’s anti-phishing technology has detected fake sites generated by phishing bots on Telegram. The reason is that these sites are often hosted in the same domain or share parts of HTML code.

For instance, a domain linked to a phishing bot had 1483 attempts to access fake pages detected. Over the last six months, Kaspersky prevented 7.1 million attempts to access malicious sites.

However, becoming a phisher In the past required gaining access to the dark web, researching forums, and taking other steps to enter the community. But the migration of actors to Telegram has made it much easier to join the phishing community.

For more information on Cybersecurity, visit

Maximus: U.S. Government Contractor Hit By A Massive Data Breach

WordPress Plugins Exposed Credentials of Over a Million Websites

Palestine on the Edge of having ‘No Internet’ Sparking Human Rights Concerns

Air Europa Advises Customers to Cancel Credit Cards After Cyberattack