Examining the Consequences of Telegram’s Privacy Changes and Their Effect on Fraudster Activity

Cybercriminals have long used social media platforms to communicate, trade stolen data, and share compromised credentials. One of the most popular platforms for this activity has been the messaging app Telegram. However, a significant shift is underway following recent events involving Telegram’s leadership and changes to its privacy policy.

On August 24, 2024, Telegram’s CEO, Pavel Durov, was arrested outside of Paris. This arrest has started to influence the behavior of cybercriminals who rely on the platform, as noted by FraudAction’s intelligence researchers. In a subsequent development on September 23, 2024, Durov announced a major update to Telegram’s privacy policy, which is set to alter how the platform handles criminal activity.

FraudAction dark web monitoring: advertisement of compromised credit card store and credit card details on Telegram

Key Changes in Telegram’s Privacy Policy

The new policy mandates that Telegram will now share user data with authorities in response to valid legal requests. Specifically, this includes the IP addresses and phone numbers of users suspected of criminal activity or violations of Telegram’s terms of service. The move is aimed at curbing the use of the platform for illegal purposes, including fraud and cybercrime.

With over 900 million active users, Telegram has been a popular hub for cybercriminals to trade stolen databases, user credentials, credit card information, and more. Fraudsters also use the platform to communicate with others, exchange hacking techniques, and sell illicit goods. This policy change, however, introduces a significant risk to those engaged in these activities.

Fraudsters on the Move: The Shift to Signal

In response to the new privacy measures, FraudAction researchers have observed a growing number of cybercriminals migrating from Telegram to more secure messaging platforms like Signal. Founded by Moxie Marlinspike, Signal has emerged as a favored alternative due to its strong privacy features, including end-to-end encryption and minimal data collection. Unlike Telegram, Signal does not store metadata such as phone numbers or IP addresses, and its disappearing messages feature offers additional anonymity.

This mass migration is largely driven by Telegram’s new willingness to comply with legal authorities, which increases the risk of exposure for fraudsters and cybercriminals. Many have announced their intention to leave Telegram in favor of Signal, which they perceive as a safer option to continue their illicit activities.

Post traced on Telegram announcing the transfer of fraudulent activity to the Signal application due to Telegram’s new policy

FraudAction’s Dark Web Intelligence

At FraudAction, our intelligence team continuously monitors these shifting trends in cybercriminal behavior. We track emerging platforms and tactics, keeping a close eye on both the clear and dark web to provide our clients with the latest threat intelligence insights. As fraudsters adapt to new privacy policies and seek out more secure communication channels, our commitment to expanding our sources and maintaining a thorough understanding of these environments ensures that you stay informed and protected against evolving threats.

Shani Elkabetz

Senior Cyber Threat Intelligence Researcher

Shani is a Senior Cyber Threat Intelligence Researcher in Outseer’s FraudAction Services. Drawing from her extensive background in the field, Shani harnesses her expertise in intelligence and cyber security to meticulously conduct targeted research based on open and dark web sources. Her objective is to uncover fraudulent activities and identify potential cyber threats, thereby safeguarding the security of Outseer’s customers.