The free and unmonitored webpage publishing platform has been identified as being used in phishing scams dating back to as early as mid-2019, as a key part of bypassing security solutions.
By and large, Telegra.ph is a legitimate platform. In the simplest of ways, it supports the creation of a basic webpage – complete with hyperlinks and images – in a matter of seconds. According to security researchers at email protection vendor Inky, a pattern of use of the platform in scams has been seen, including a recent uptick.
Scammers send out phishing emails whose call to action is a link that leads to a telegra.ph webpage.
Source: Inky
This use of a legitimate platform like telegra.ph has allowed some of these scams to pass through security scans. Once on the web page, victims are prompted to click embedded links. In the case of credential attacks, the links lead to an impersonated Microsoft 365 logon page. And in the case of crypto scams, the page points victims to various ways they can pay in crypto to fend off a faux extortion they believe to be real.
The clincher here is that simply noticing that the linked domain has zero to do with the actual email would put these attacks to rest before they can do any harm. It’s through Security Awareness Training that users in organizations can see these scams for what they are, and avoid engaging with them entirely.
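The domain mismatch described above can also be checked automatically. The following is an added example, not code from Inky or the original article: it parses a constructed sample email and reports links whose host is unrelated to the sender's domain or sits on a free publishing host. The function names, reason labels, sample message and the last-two-labels domain comparison are assumptions made for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlsplit

# Hosts that let anyone publish a page; only telegra.ph comes from the article.
FREE_PUBLISHING_HOSTS = {"telegra.ph"}
URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.I)

# Constructed sample message (address, subject and URLs are made up).
SAMPLE_EMAIL = """\
From: "Microsoft 365" <notice@contoso-mail.example>
Subject: Action required: password expires today
Content-Type: text/html; charset=utf-8

<p>Your password expires today.</p>
<a href="https://telegra.ph/constructed-sample-page">Keep my password</a>
<a href="https://www.contoso-mail.example/help">Help</a>
"""

def base_domain(host):
    # Naive registrable domain (last two labels); an assumption made for
    # brevity, production code should consult the Public Suffix List.
    return ".".join(host.lower().rstrip(".").split(".")[-2:])

def link_findings(raw_email):
    """Return [(host, [reasons])] for links whose host is unrelated to the sender."""
    msg = message_from_string(raw_email)
    sender_domain = base_domain(parseaddr(msg.get("From", ""))[1].rpartition("@")[2])
    findings, seen = [], set()
    for part in msg.walk():
        if part.get_content_maintype() != "text":
            continue  # skip multipart containers and attachments
        charset = part.get_content_charset() or "utf-8"
        body = part.get_payload(decode=True).decode(charset, "replace")
        for url in URL_RE.findall(body):
            host = (urlsplit(url).hostname or "").lower()
            if not host or host in seen:
                continue
            seen.add(host)
            reasons = []
            if base_domain(host) != sender_domain:
                reasons.append("host_differs_from_sender")
            if base_domain(host) in FREE_PUBLISHING_HOSTS:
                reasons.append("free_publishing_host")
            if reasons:
                findings.append((host, reasons))
    return findings
```

A host mismatch on its own is common in legitimate mail (newsletters, link trackers), so the two reasons are best treated as signals to combine rather than as a verdict.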