Telegram and cybersecurity: news, threats and scams

In recent years, Telegram has become a cybersecurity hotspot: is, at the same time, key tool for reporting threats And it's a very attractive space for criminals themselves. Among channels specializing in news, vulnerability alerts, and technical analysis, there are communities that use the platform to organize scams, share stolen data, or coordinate disinformation campaigns.

This contrast means that, if you're interested in digital protection, It is essential to understand what is happening on Telegram and how it is actually being used in the world of cybersecurityFrom specialized magazines and security units of large companies to independent research groups and financial entities, they all agree on one thing: encrypted messaging is changing the landscape of online fraud, and Telegram's role is becoming increasingly relevant.

Telegram as a news and information channel on cybersecurity

One of the most visible uses of the platform is its role as Speaker for media and projects specializing in cybersecurityChannels such as industry magazines allow you to follow the latest news in the cyber world in real time: new vulnerabilities, relevant cyberattacks, police operations, regulatory changes or analysis of emerging threats.

In Spain, for example, publications focused on digital security maintain Telegram channels where headlines are sharedbrief analyses and links to extended news stories

These channels usually combine breaking news with more educational contentTelegram explains technical concepts (such as ransomware, DDoS, or malware as a service) in an accessible way. In this way, Telegram is used as an outreach tool to bridge the gap between security experts and the general public.

One format that works particularly well is the brief summaries with commentary by specialists, accompanied by a link for further reading. This ensures that the channel is not just a dump of headlines, but a discerning filter that highlights what truly matters amidst the enormous daily noise of information.

In parallel, these projects usually offer Direct contact methods to communicate with the editorial or technical teamFor example, through specific email addresses associated with the Telegram channel. This serves both to receive tips about potential incidents and to answer questions or gather suggestions for topics to cover.

Telegram as a meeting point for cybersecurity communities

Beyond media, Telegram also functions as Meeting space for technical communities and corporate projects focused on securityA representative example is the approach of certain cybersecurity units of large operators, which have decided to move part of their outreach activity to open Telegram channels.

For years, many of these teams relied on Mailing lists for sharing regular newsletters with cybersecurity updatesHowever, that format has fallen short: users no longer want to wait weeks to receive a summary; they prefer more frequent, lightweight notifications that are easy to consume from their mobile phones.

That's why free channels have been created on Telegram where Relevant news about cybersecurity is published daily.These are accompanied by a brief technical comment and a link to the original source or the company blog. The idea is to offer a constant flow of information, but without bombarding users with messages that ultimately overwhelms them and causes them to unsubscribe.

These spaces are discussed Topics as diverse as critical vulnerabilities, cryptography, curiosities of the hacker world, security alerts, and reflections on trendsA balance is sought between highly technical content for professionals and general explanations that can be understood by interested users, even if they are not specialists.

The target audience for these channels is usually quite broad: People interested in technology, IT teams, cybersecurity students, and users who simply want to stay up-to-date without having to delve into complex forums or overly dense documentation. Telegram, with its one-way channels, offers just that middle ground between immediacy and simplicity.

Telegram features that attract cybercrime

The very same characteristics that make Telegram an attractive tool for news dissemination explain Why the platform has become a magnet for cybercrime. Among them, the intensive use of automated bots, the ability to manage large communities and virtually unlimited cloud storage.

Bots allow any administrator automate processes such as answering inquiries, managing orders, or processing cryptocurrency paymentsIn the hands of criminals, this functionality is used to offer, without human intervention, all kinds of illicit services: from the sale of stolen bank cards to the rental of infrastructure to launch DDoS attacks.

Offers have been made in numerous channels and groups phishing kits designed to steal banking credentialsThese include credential packages leaked by infostealers, victim databases, and ransomware services operating under the "malware-as-a-service" model. All of this is packaged as if it were a legitimate business, complete with "customer" support via bot and user manuals.

In addition, Telegram offers unlimited cloud storage, which makes it easier sharing huge files with leaked databases, stolen corporate documents, or complete dumps of compromised sitesInstead of relying on external hosting services, criminal groups use the app's own infrastructure to distribute the material among hundreds or thousands of members.

Cybersecurity team investigations have documented the existence of extensive networks of channels and groups dedicated to spreading massive data leaksThey explain how to exploit these networks and coordinate large-scale fraud campaigns. Analysts who have infiltrated these communities describe an ecosystem where the buying and selling of stolen information, tutorials for attacks, and discussions about the best tactics for avoiding detection are all mixed together.

Recent changes: more blocks, but channels that last longer

Studies conducted by threat intelligence providers have quantified this reality, showing How has the criminal use of Telegram evolved between 2021 and 2024The monitoring of hundreds of illicit channels blocked during that period reveals a seemingly contradictory dynamic.

On the one hand, the useful life of many of these channels has been extended: The number of criminal spaces that remain active for more than nine months has tripled. Comparing recent years with previous ones suggests that administrators have learned to navigate the platform's rules more effectively and evade moderation for longer periods.

On the other hand, the total number of blocks has grown very significantly. Since the end of 2024, even the least active months have recorded closure figures similar to the peaks of 2023.And the trend continues to rise. In other words, Telegram is closing more channels, faster, although some manage to survive for long periods before going under.

This shift in the balance of power is causing many criminal groups to begin assessing whether the risk-reward ratio continues to be favorableWhen an illegal "store" or service disappears overnight, reappears under a different name, and is taken down again a few weeks later, maintaining a stable customer base becomes extremely difficult.

Analysts from security firms explain that this instability is driving migration movements to other platformsThis includes even private messaging solutions developed by the criminal groups themselves. Established communities, such as forums with thousands of members specializing in fraud or malware-as-a-service, have already announced plans to move their main activity off Telegram due to the constant outages.

Telegram's technical limitations for criminals

Although from the outside it may seem like the perfect tool for hiding, Telegram presents several significant technical disadvantages for cybercriminalsThe first, and most discussed, is that end-to-end encryption is not enabled by default in normal chats.

While apps like WhatsApp or Signal offer End-to-end encryption in all standard conversationsTelegram reserves this protection for its "secret chats." Groups and channels, which are the formats most commonly used for criminal activity and the mass distribution of content, do not have this level of protection by design.

Furthermore, the platform architecture is centralized: Criminals cannot deploy their own servers to manage their own messaging infrastructureAll communication passes through company-controlled servers, whose server-side code is closed and not externally auditable.

That model has two effects: on the one hand, Users cannot transparently verify how data is managedOn the other hand, if the company decides to cooperate with the authorities, the room for maneuver of criminal groups is significantly reduced. The arrest of its founder in Europe and the associated judicial investigations have coincided with more intensive cooperation with law enforcement agencies, which has allowed for the dismantling of networks dedicated to extremely serious activities, such as the distribution of child pornography.

In addition to the above, the increasing public and media scrutiny of Telegram's role has led to The pressure to act against certain content is increasing.This particularly affects channels dedicated to extreme violence, child exploitation, or especially sensitive criminal activities, which are now more likely to be reported and blocked.

Real-life cases: bank phishing, fraud, and illicit content

Spanish security forces have documented several cases in which Telegram played a central role as a coordination tool among cybercriminalsOne of the most illustrative examples is the dismantling of a bank phishing network that used the platform to operate on an almost industrial scale.

This organization offered other criminals ready-to-use kits, with names as outrageous as “Stealing everything from grandmothersThese were designed to steal online banking credentials and sensitive data from victims. Through channels and bots, they sold templates, managed incidents, and shared instructions to maximize the effectiveness of the deceptive campaigns.

The operation culminated in the arrest of the main developer of these tools in Spain, who He operated from Malaga and used Telegram as the nerve center of his illicit business.The case served to highlight how the platform had become, in practice, a global black market for the buying and selling of fraud kits.

But cybercrime isn't the only problem. For years, Telegram has also been singled out as common channel for the distribution of child pornography, hate speech and extremist materialsBefore the latest legal actions against those responsible, the general perception was that moderation was sorely lacking, which generated a sense of impunity among those who disseminated this type of content.

Through intensified cooperation with the authorities, the following has been achieved dismantle pedophilia networks and other criminal structures that relied on groups and channels within the appEven so, the volume of illegal content detected demonstrates that the fight is far from over and that control in encrypted environments remains a huge challenge for law enforcement agencies.

Digital fraud and the rise of scams originating on Telegram

As the net tightens around certain criminal communities, Digital fraud is shifting strongly towards private messaging applicationsWhile for years most scams were concentrated on traditional social networks, now a growing number originate directly in channels and chats on platforms like Telegram.

Recent data from the financial sector show that The number of cyber scams originating on Telegram has skyrocketed by more than 200%. compared to previous years. Overall, it now represents approximately one-fifth of all reported frauds, indicating that this is not a marginal phenomenon, but a structural one.

The main reason is that the platform allows combining Public channels to lure victims, mass groups to coordinate actions, and private conversations to end the scam.All of this with a certain degree of anonymity and with less apparent supervision than on networks where moderation policies have been tightened more rapidly.

Even so, the platforms in the Meta ecosystem continue concentrating nearly half of the frauds reported worldwideIt remains the primary source of online scams. However, Telegram's percentage growth in this area is far greater, which is particularly concerning for banks and fintechs that have seen attack patterns adapt to this new environment.

Other networks like TikTok are also experiencing significant increases in the volume of scams, with figures multiplying in a short time, although Its total weight is still behind that which Telegram has achieved on the digital fraud map.The underlying message is clear: cybercriminals follow the user wherever they spend the most time, and messaging apps have become their natural habitat.

Most common types of scams on Telegram

Among the most common scams on Telegram, those related to [the following stand out globally] shopping and e-commerceIt is estimated that more than half of the reported frauds are linked to advertisements for products that do not actually exist, fake stores, or supposed offers with impossible discounts.

In these cases, criminals use advertising campaigns or forwarded messages that imitate well-known brandsby cloning logos, websites, and marketing messages. The goal is to create a sense of urgency (“last units,” “today only,” “limited spaces”) so that the user makes the payment impulsively, without verifying the legitimacy of the offer.

In the Spanish context, this pattern also dominates, representing more than half of the fraud complaints associated with Telegram in the last yearThey are usually aimed at both consumers looking for bargains and people interested in technology, gadgets, travel or quick investments.

Another category that is growing rapidly is the Job scams and fake job offersInternationally, they already account for around a fifth of all reported frauds and have multiplied in a short time, driven by the economic context and the search for extra income by many people.

On Telegram, these fraudulent offers promise Earn a lot of money with simple tasks: reviews, clicks, surveys, automated investments, or remote work with no requirementsThe trick is usually that they ask for an upfront payment for "materials", "training" or "security deposit" and, once the money is received, the supposed employer disappears or blocks the user.

Deceptive advertising and the economic benefit of the platforms

Fraud on Telegram and other networks is not limited to direct messages or groups. Online advertising has become one of the most profitable vehicles for scammers., which take advantage of targeted advertising systems to precisely reach vulnerable groups.

Recent studies suggest that Large platforms earn billions of euros in advertising revenue from fraudulent adsespecially in Europe. Although this revenue does not come directly from Telegram, it illustrates how the social media and messaging ecosystem can unwittingly or without sufficient oversight monetize campaigns designed to deceive users.

The most sophisticated campaigns use Artificial intelligence techniques to personalize messages, recreate compelling corporate identities, and optimize impactThis means that the same fraud can be presented differently to each victim, adapting to their language, interests, or apparent economic level.

The result is an environment where Fraudulent ads are disguised as legitimate promotionsThis makes it difficult for users to distinguish at a glance what is reliable and what is not. This blurring of boundaries makes cybersecurity education and the adoption of early detection systems by both platforms and financial institutions even more crucial.

Faced with this scenario, digital banks and financial service providers are investing a large part of its human and technological resources are dedicated to fraud preventionSome organizations dedicate up to a third of their global workforce to teams that analyze behavioral patterns, map millions of data points, and refine models to anticipate new criminal tactics.

Regulation, legal pressure and international cooperation

The rise in fraud in encrypted environments has set in motion a process of regulatory tightening at both the European and national levelsThe European Union is working on strengthening the regulatory framework through new rules on payment services and specific strategies against online fraud.

These initiatives seek Clarify the obligations of banks, fintechs, and digital platforms regarding supervision and liabilityThe goal is to reduce the gray areas where no one seems to take responsibility when a scam occurs by exploiting digital communication and payment tools.

In Spain, the authorities have begun to promote Measures to improve user protection against scams originating from social networks and messaging applicationsThese actions include strengthening cooperation between police forces, financial institutions and technology companies, as well as promoting more efficient reporting channels.

Financial crime experts insist that The response will only be effective if it is coordinated among all actors in the digital ecosystem.The speed with which criminals adapt their tactics requires continuous updating of monitoring processes, systems for blocking suspicious transactions, and communication mechanisms with affected users.

One idea that is repeated among professionals in the sector is that Collective security depends on the weakest linkIt is of little use for a bank to have advanced controls if the messaging platform or social network where the fraud originates remains unattended in terms of moderation and content verification.

Disinformation, hate speech, and the political use of Telegram

In addition to economic crimes, Telegram has established itself as one of the preferred channels for spreading hoaxes, conspiracy theories and agitation campaignsThe combination of massive groups, easy message forwarding, and low moderation intervention makes the platform fertile ground for disinformation.

In recent episodes with significant media impact, we have seen how Within hours, distorted versions of the events, unfounded rumors, and inflammatory messages were circulating on Telegram.In some cases, this content has fueled social tensions, xenophobia, or even calls for violent actions against specific groups.

Far-right movements and radicalized groups have used the app to organizing rallies, coordinating “hunts” and spreading hate speechTaking advantage of the difficulty of tracing the exact origin of messages when they are forwarded in chains, the line between freedom of expression and hate speech is constantly tested in these contexts.

The platform's founder himself has criticized it on several occasions. European regulations that aim to increase the legal responsibility of network executivesinterpreting them as a threat to privacy and freedom. However, the authorities argue that, without some degree of shared responsibility, it is impossible to curb the widespread use of these channels for illicit activities.

In this clash of visions, Telegram finds itself at the center of the debate about How to balance the privacy of communications, freedom of information, and the need to protect citizens from crime and manipulationThe evolution of this balance will shape the future of the platform and its role within the cybersecurity ecosystem.

This whole picture paints a complex reality in which Telegram acts simultaneously as A valuable tool for learning about cybersecurity and a platform where fraud, disinformation, and criminal communities are concentrated.Understanding its strengths, risks, and the measures being taken—from research and regulation to international collaboration—is key to leveraging its advantages without becoming the next victim of this increasingly hostile digital environment.