Dear words: why scammers hunt for rare Telegram usernames
Scammers began using schemes related to rare user names in Telegram, Pavel Durov, the founder of the messenger, warned about this. According to him, such names can be sold for more than $100,000 today, and hackers sometimes blackmail users into handing over their usernames. For more information about why scammers began to hunt for rare user names in Telegram, what schemes they use and how to protect themselves from them, read the Izvestia article.
What is known about the interest of scammers in the names of Telegram users
Pavel Durov, the founder of Telegram, reported on the fraud scheme with usernames and gifts in the messenger in his channel at the end of July. According to him, rare usernames and gifts that were once bought for just a few dollars can now sell for more than $100,000.
"We see how scammers are blackmailing users, trying to force them to give out these valuable collectibles,— Durov said. "There are also reports of channels extorting money by threatening to reveal personal information or confidential data."
The Telegram founder noted that some attackers have turned the scheme into a permanent business model by publishing compromising messages and charging a fee for their deletion. Durov stressed that such actions are immoral and illegal. In the post, he urged users to report such incidents.
As in the case of domain names, rare, short or collectible names in Telegram have become a real digital asset, says the director of the Coordination Center for domains .RU/ in an interview with Izvestia.Russian Federation Andrey Vorobyov. The launch of the Fragment platform for buying and selling nicknames in 2022 legalized this market and led to an increase in their value. Many names can cost tens or even hundreds of thousands of dollars and are sold on both official and shady sites. All this has provoked a wave of scams, "digital hijackings" and extortion.
Why do scammers need rare Telegram usernames?
Since the launch of Telegram auctions through the Fragment platform, users have begun to see rare nicknames as a status item (like a short domain or a beautiful number), a resale tool and a means of identifying businesses, says Maria Mikhailova, head of the Angara SOC brand protection group, in an interview with Izvestia.
— Also, many Telegram users have heard about buying and selling nicknames and gifts for large amounts of money, — says the expert. — For example, in April 2024 Pavel Durov bought the nickname @paul for his channel for 10 thousand rubles. TON (approximately $24 thousand).
For the average user, the scheme "register a nickname and then sell it for a large sum of money" looks like a simple business plan, explains Maria Mikhailova. Indeed, at first glance, the user does not need to put in much effort. But for scammers, he becomes an easy target: it is enough to offer to redeem a nickname for $ 5-10 thousand and many will continue to maintain a conversation with the attacker, and subsequently they may lose their money.
At the same time, fraudsters seek to take over attractive brand names, public figures or official pages not only for subsequent resale, but also for blackmail or use in various deception schemes, adds Andrey Vorobyov. In particular, attackers can create fake accounts of companies or popular brands.
— Then the "doppelgangers" contact subscribers and send them "promotions", "sweepstakes" or offers of a "refund" in order to extort money or bank card information, — says the interlocutor of Izvestia.
How hackers "hijack" rare Telegram usernames
According to experts interviewed by Izvestia, in order to "hijack" rare Telegram user names, attackers can use a variety of schemes. In particular, according to Andrey Vorobyov, one of the popular techniques is to imitate the Telegram support service: fraudsters register a nickname similar to the official one, and then, under the pretext of "verification," they ask for verification.
— To do this, scammers convince the user to follow the phishing link and enter the SMS code (2FA), after which they gain access to his account and valuable nickname, — says the specialist.
Another common fraudulent technique is the creation of a phishing page. According to the Domain Patrol project, in 2024 in Runet (in the zones .RU and .Russia) blocked 3,230 domains imitating Telegram, which is almost three times more than a year earlier. In 2025, the number of blockages of such domains has already exceeded the threshold of last year and amounted to 3,397 domains in the first half of the year.
In addition, attackers can contact the user directly with an offer to put the username up for auction, adds Irina Dmitrieva, an analyst engineer at Gazinformservice. For the sale site, they can offer a fake auction resource that can mimic even the official Fragment. The amount of the deal and the offer may sound tempting, all in the spirit of advanced social engineering.
— In the course of a phishing "deal" concluded with scammers, you can be left without the promised money and nickname, — says the expert. — In an alternative scenario, scammers can take over the account and start blackmailing the victim by distributing personal materials, demanding valuable gifts and TON currency in exchange.
In addition, attackers can use social engineering methods to steal rare usernames — putting pressure on users using "merged" data from other services, adds Konstantin Gorbunov, a leading expert on network threats and a web developer at the Security Code company. According to the expert, sometimes these can be fabricated data or deepfakes that scammers threaten to send, for example, to relatives or make publicly available. Some users cannot risk their reputation, so they agree to the terms of the attackers.
How to protect yourself from the "hijacking" of rare Telegram user names
Attacks on Telegram users are growing, as the messenger has not yet implemented mass verification, and it is easy to substitute one letter or symbol in nicknames, says Andrey Vorobyov. In addition, users are not in the habit of checking the originality of the name. And the most disturbing thing is that the support service does not always respond promptly.
"At the same time, phishing and other malicious domains are blocked in Russian domain zones for an average of 15 hours," the source said. — The messenger should also strive for such a prompt response to user requests.
At the same time, the loss of control over an account or channel in Telegram can become the first link in a long chain of troubles, adds the adviser to the CEO of RooX (specializing in authentication, authorization and development of web platforms for the corporate sector) Natalia Ledneva. Possible problems include a drop in sales if the channel was used for promotion, a threat to reputation when fakes, fraudulent schemes and viruses, extortion, and so on begin to spread on behalf of the victim.
Separately, it is worth remembering that hacking Telegram automatically means compromising other accounts linked to it, the specialist emphasizes. According to Mikhail Sergeev, CorpSoft24's lead engineer, if a user has a regular nickname, the risk of hacking is greatly reduced. However, regardless of the potential cost of the account, you must enable two-factor authentication, avoid clicking on suspicious links, and do not share SMS codes with anyone.
— Update the contact information for login, service notifications and password recovery (phone and e-mail), as well as set an additional password or 2FA where possible, — concludes Konstantin Gorbunov. — And if you receive suspicious messages, contact customer support immediately.
Переведено сервисом «Яндекс Переводчик»
