How to Protect Yourself from Telegram Account Hijacking Scams — Old Tricks Still Wreak Havoc

Known for its high security, Telegram is rapidly increasing its user base in the Asia-Pacific region as a free messaging app equipped with end-to-end encryption. As of the end of 2024, over 17.6 million users are registered in Vietnam alone, and the country has become an environment increasingly targeted for Telegram account hijacking.

Neglecting Security Measures Can Lead to Anyone’s Telegram Account Being Hijacked

As the number of users grows, scam campaigns aimed at account theft are also becoming more active. On social media and messaging platforms,大量 of false notifications claiming “Account verification is required. Please check on the official site” are circulating, and many users fail to realize these are traps set by scammers.

Messages sent under the name “Telegram” often include threatening warnings such as “If you do not verify within 24 hours, your account will be disabled.” Many people believe these to be official warnings and click on the provided links.

Clever Telegram Hijacking Using Phishing Sites

The guided websites are fake sites designed to look exactly like the official Telegram login page. When users enter their phone number and click “Next,” the scammer’s system requests a new login authentication for a Telegram account with that phone number.

According to Telegram’s specifications, if two-factor authentication is not set up, an OTP code is required when logging in from a new device. Scammers exploit this by obtaining the victim’s phone number and then asking the victim to input the OTP code they receive, thereby hijacking the account.

When victims see the OTP code received from Telegram, they often mistake the login site for genuine and continue to input the code. In reality, Telegram displays a warning during transmission: “Do not share this code with anyone. Even if it claims to be from Telegram, do not give it out.” However, many users ignore this warning.

The Serious Consequences After an Account Is Hijacked

Malicious actors who succeed in hijacking a Telegram account can use it for various crimes, such as executing scams, stealing funds, or extorting private conversations. That is why taking preventive measures is extremely important.

Fundamentally Prevent Telegram Hijacking by Setting Up Two-Factor Authentication

The most effective way to protect your account is to enable two-factor authentication. Once activated, logging in from a new device requires both the OTP code and a password you set yourself, making it impossible for scammers to access your account.

The setup steps are as follows:

• Open the Telegram app and tap the menu icon in the top left corner
• Select “Settings” from the list
• Find and open the “Privacy and Security” section
• Tap “Set Password” under “Two-Step Verification”
• Create and confirm a password of your choice
• (Optional) Set a hint for forgotten passwords
• Enter a recovery email address
• Input the OTP code received in your email into the app’s setup screen
• Check your spam folder to ensure no misclassified emails are missed

Once this setup is complete, logging in from a new device will require both the OTP code and the two-step verification password. This makes it impossible to hijack a Telegram account using only the phone number, significantly enhancing account security.

Users should remain vigilant against evolving scam tactics and regularly review their security settings.