This post is also available in: Thai
This post was produced with input from the Spring Revolution Security Telegram Channel.
Recently, several human rights defenders and digital rights activists from Thailand and Myanmar have been targeted by phishing attacks through Telegram. Some of those targeted by phishing attempts have had their accounts hacked and their digital security compromised.
The messaging platform is commonly used by activists because of its security features, but it is not completely safe. For instance, there have been issues regarding doxing on Telegram, especially targeting pro-democracy activists in the wake of the Myanmar coup. Additionally, users on Telegram and other platforms are also prone to various types of phishing attacks employed by cybercriminals to gain unauthorised access to an organisation’s networks and computers, introduce malware, and trick victims into sharing sensitive information.
It is important to practice heightened digital security procedures to keep yourself safe. Do not click on suspicious links (note the telegram.im and telegram.org domains). Clicking on suspicious links will put you at risk of losing access to the Telegram account associated with the compromised phone number.
Messages received by activists in Thailand and Myanmar
Here are some recommendations to keep yourself safe:
- If you receive a message such as the one above, your phone number may already have been compromised. Change your number immediately in the settings.
- Configure your privacy settings to avoid revealing your phone number.
- Two-factor authentication is a must.
- Regularly check your active sessions and remove unused or unfamiliar devices.
Moreover, we recommend linking Telegram with a throwaway phone number that you can discard if compromised.
If you are logged in to multiple devices (for example, an active session on your phone and on your laptop), never request log-in codes through SMS.
Learn more about enhancing your digital safety through these guides: