You’re busy with your daily life when you get a message from a friend: “Is this your doing?”. You check your Telegram account and find that you have been logged out. Scary, right? In this blog post, we cover how easily you can secure your Telegram account against account takeovers. 5 simple steps and 10 minutes are all you need.
Step 1: Add Your Extra Password Lock
Anyone who gets hold of the SMS login code sent to your phone can steal your account. Two-Step Verification adds a second password they can’t guess, making your account more secure.
Why it saves you
Malicious actors grab SMS codes via tricks like SIM swaps, but this password can stop them.
To activate this feature, follow these steps:
- Open Telegram -> Settings -> Privacy and Security -> Two-Step Verification -> Set Password.
- Pick something strong and unique (12+ characters, and if you are using a password manager, grab the password from there).
- Add a recovery email address. Make sure it is an address you use often and that 2FA is enabled on that address as well.
Step 2: Check for Hidden Intruders
Malicious actors like to use old devices or sessions to spy quietly. Spot them and kick them out.
Do this now
- Settings -> Devices (or Active Sessions).
- Check the list of devices, locations and last usage. Tap unfamiliar ones -> Terminate.
- If you are unsure about multiple sessions, just tap “Terminate all other sessions”. This option terminates the sessions on all devices except the one you are using.
As a rule of thumb, check the list of devices regularly, and whenever you receive a login text you did not request.
Step 3: Hide Your Personal Information
It is always a good idea to hide your personal information whenever possible. Fortunately, Telegram allows users to hide some of their personal information.
Why would this be a good idea? One good example that comes to mind would be “No phone number = no easy target for phone tricks or phishing attacks”.
Do this now
- Settings -> Privacy and Security
- Set Phone Number to “My Contacts” or “Nobody”
- Set Last Seen & Profile Photos to “My Contacts”
- Set Calls & Groups to “My Contacts”
Step 4: Change the PIN Used By Your Phone Company
Malicious actors take advantage of weak voicemail PINs (e.g. 0000). The attack begins with hackers initiating a Telegram login for the victim’s account. If the SMS verification step is skipped, Telegram delivers the code via a voice call. When the victim does not answer, the code is left in their voicemail. Using default PINs, malicious actors remotely access the victim’s voicemail and retrieve the verification code.
Do this now
- Change your voicemail PIN. You can do this via your carrier’s application; for more information, check your carrier’s help page or contact their support.
Step 5: Ignore Code-Grabbing Scams
Most malicious actors try to sweet-talk you into sharing your codes. If you are ever unsure about sharing information, do not share it. Always use official accounts to contact support and always check that the sender is indeed an official account. Some red flags include the following:
- “Telegram Support needs your code” -> Real Telegram support will never ask for your private codes.
- “Account deletes soon, please send the code you have received to stop this action”
- Prizes or other deals that ask you for login proof.
Screenshot This List:
- Extra password and safe recovery email activated.
- Connected devices checked regularly; use “Terminate” or “Terminate all” to clean up unwanted devices.
- Private data hidden from people outside of your contact list.
- Strong PIN codes for voicemail and carrier.
- Never share your codes. If you are unsure, contact the official Telegram support.
All checked? You’re set now. Please share this article if it helps.