Scammers are conducting a widespread phishing campaign impersonating Telegram with fake notifications claiming account deletion or suspension, according to reports circulating in cryptocurrency communities. The fraudulent messages urge users to immediately click a "Cancel" button to allegedly preserve account access, a tactic designed to lure victims into a phishing trap.
Once users click the malicious link, they are redirected to counterfeit Telegram applications or websites that request permissions to access device data and Telegram account credentials. Attackers exploit these permissions to intercept active sessions and seize full control of compromised accounts, potentially gaining access to connected cryptocurrency wallets, exchange accounts, and sensitive financial information stored within the messaging platform.
This attack represents an escalation in social engineering tactics targeting cryptocurrency holders, who frequently use Telegram for community communication and transaction coordination. The campaign exploits users' natural fear of account suspension to bypass critical security awareness, making it particularly effective against individuals managing digital assets. Cryptocurrency users are advised to never click links in unsolicited messages, verify official communications through Telegram's settings directly, and enable two-factor authentication to mitigate account takeover risks.