Telegram Security Best Practices

If you’re somewhat serious about participating in crypto, there is a high chance that using Telegram is a significant part of your life. From group chats to DMs, Telegram is heavily used by the crypto community for coordinating or simply keeping in touch.

Naturally, Telegram’s popularity makes it a prime target for attackers and scammers. Here are some of the tactics they use to take advantage of unsuspecting users.

Impersonation

Many people on Telegram have some version of “does not DM first” in their names, and this is for a good reason. Many scammers impersonate people by creating accounts that look very similar to the ones they are trying to impersonate.

Things like the profile picture, the name, and the bio can all be edited to match the person they are trying to impersonate, but impersonating the Telegram handle is impossible.

When in doubt, always compare the handle of the message sender with the original handle of the person they claim to be. You can find this original handle in the official group of the project they represent or on their personal website.

Alternatively, you may bring this up in any groups they are a part of to verify if it really was them trying to message you.
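
The handle comparison described above, as an added example that is not part of the original article: a Python check that normalizes both handles, accepts only an exact match, and flags near-matches as lookalikes. The handles, the lookalike table and the function names are constructed for illustration, and the username format in the regex is an assumption about ordinary Telegram usernames.

```python
import re

# Assumed format of ordinary Telegram usernames: a-z, 0-9, underscore, 5-32 chars.
HANDLE_RE = re.compile(r"^[a-z0-9_]{5,32}$")
# Constructed table of character swaps that read alike in many fonts.
LOOKALIKES = (("rn", "m"), ("vv", "w"), ("0", "o"), ("1", "l"), ("i", "l"))


def normalize(handle: str) -> str:
    """Lowercase the handle and strip a leading '@' or t.me URL prefix."""
    h = handle.strip().lower()
    h = re.sub(r"^(https?://)?t\.me/", "", h)
    return h.lstrip("@")


def skeleton(handle: str) -> str:
    """Drop underscores and collapse lookalike characters to one form."""
    s = handle.replace("_", "")
    for a, b in LOOKALIKES:
        s = s.replace(a, b)
    return s


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance using two rows of the DP table."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def check_sender(sender: str, trusted: str) -> str:
    """Return 'match', 'lookalike', 'different' or 'invalid'."""
    s, t = normalize(sender), normalize(trusted)
    if not HANDLE_RE.match(s) or not HANDLE_RE.match(t):
        return "invalid"
    if s == t:
        return "match"
    near = skeleton(t) in skeleton(s) or edit_distance(s, t) <= 2
    return "lookalike" if near else "different"


if __name__ == "__main__":
    # Constructed handles; "alice_example" stands in for the verified handle.
    for sender in ("@Alice_Example", "a1ice_example", "alice_example_support"):
        print(sender, "->", check_sender(sender, "alice_example"))
```

Only a `match` result means the sender is the account you verified; `lookalike` is the case to raise in the shared group before replying.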

Bots

Bots help manage large communities and maintain decorum. Many communities use bots for verification and other repetitive tasks. But one must be careful when interacting with bots.

As a rule of thumb, you should always be cautious when bots DM you. If you are a part of a community or any other group chat that uses bots that may DM you, they will make it a point to inform you in advance. When in doubt, avoid bots, and never activate a bot via the /start command.

SIM Swapping

SIM swapping is a technique attackers use to gain control of their victims' SIM cards, which they then use to get OTPs and access their victims' accounts. To prevent this from happening to you, it is imperative to enable two-step verification. You can get more details in the official Telegram blog post here.

Active Sessions

When you use Telegram frequently, it is convenient to log in to your account from different places. For example, you may want to use Telegram on your laptop or desktop either through a browser or via their native app. And while it is not recommended to log in to your account from devices that you don’t own, sometimes it is necessary to do so.

In such cases, and generally as well, one way to maintain security is to regularly terminate active sessions. Each time you log in to your account, a Telegram session begins. If you don’t log out of your account, the session stays active and lets you use your account without having to enter your details each time.

This is very convenient when using Telegram from trusted devices. But this poses a threat each time you use Telegram on a device you don’t own or won’t access anytime soon. You can learn more about ending active sessions from the official Telegram blog post here.

Attachments, Links, and General Spam

Attachments, images, and links all pose different levels of threats and must be approached with caution. Luckily, there are several settings that can help improve your security in this regard and most of these can be configured from the settings page. You may want to:

  • Disable link and image previews

  • Disable autoplay GIFs

  • Disable sticker loop animations

  • Disable auto-downloading

First, doing the above will save you a lot of bandwidth. Second, these features aren’t really necessary to use Telegram effectively. If anything, disabling animations and auto-playing GIFs may make you more productive by reducing distractions. Third, if an attachment is really important, you can ask the sender to send you a Google Drive link, or use dangerzone.rocks to open PDFs.

Other Tips

Many people use temporary phone numbers to create Telegram accounts. This is a bad idea, as anyone with access to that phone number can access your account. It is advisable to get a burner SIM card or use your real number with extra precautions to increase the security of your account.

These precautions are:

  • Disallow people from seeing your phone number

    • Settings → Phone Number → Who can see my phone number → Nobody

  • Disallow people from finding you by your number

    • Settings → Phone Number → Who can find me by my phone number → Nobody

Almost no one in crypto calls each other on Telegram. So it is a good idea to edit the calling settings as well.

  • Don’t let anyone call you

    • Calls → Who can call me → Nobody

  • Protect your IP address from the people you are chatting with.

    • Disable Peer-to-peer calls

      • Peer-to-Peer Calls → Use peer-to-peer with → Nobody

Avoid using secret chats. Secret chats may reveal your IP address to the person you are chatting with. Also, no Telegram chat is end-to-end encrypted. If you need the security E2EE provides, consider using Signal or Matrix.

Crypto runs 24x7, and most of your interactions happen with anonymous individuals spread across the world. It is a good idea, therefore, to keep your Telegram profile picture the same as the one on Twitter and elsewhere, and let everyone see this.

This helps people find each other in their chats and also verify that they are messaging the right person (though they should also check the Telegram handle carefully).

Also, it is a good idea to let everyone see your last seen and online status. This gives people an indicator of whether or not they should chase a message, or wait for you to come back online.

Lastly, to combat all the spam on Telegram, you should not let anyone add you to groups; tell people to send you invites instead.

  • Profile photo → Who can see my profile photo → Everyone

  • Last Seen & Online → Who can see my timestamp → Nobody

  • Groups & Channels → Who can add me → Nobody

Conclusion

The above tips and suggestions will help you increase the security of your Telegram account without compromising too much on usability and convenience. Please note that this guide is aimed at folks who want to use Telegram effectively to participate in the crypto ecosystem.

While these are sane defaults, you may want to deviate from the tips presented in this article depending on the nature of your communication and your exact requirements.

When in doubt, feel free to access Telegram’s well-written documentation and support section. To access this, go to your settings and use the search feature to read the relevant FAQ page or article.

Happy Telegram-ing!

Once you have secured your Telegram account, it's a good idea to secure your Discord account too. Here's a short guide to securing your Discord account.