One click enough to lose your telegram account

A new wave of phishing scams targeting Telegram users in Bangladesh has sparked widespread concern, as cybercriminals exploit curiosity and trust to hijack personal accounts.

The scam typically involves messages claiming, “Your photo is on this website,” accompanied by a malicious link. Once clicked, users are redirected to a phishing site designed to steal session cookies, small data files that store login credentials allowing hackers to gain unauthorised access without needing passwords. Victims report that these messages often appear to come from familiar contacts, increasing the likelihood of engagement.

Telegram user Abdul Hamid described his experience on social media, saying he received the message twice, each time appearing under a friend’s name but linked to a foreign number. Written in Bangla, the message easily blends into everyday communication, making it particularly deceptive.

Another user, Mohammad Tarek, warned that many accounts are being compromised through such tactics, with attackers leveraging hacked profiles to further spread the scam.

This chain-reaction approach has amplified the scale of the threat.

Cybersecurity experts highlight that once access is gained, attackers can extract extensive personal data. This includes contact lists, chat histories, documents, and media files—especially from desktop versions of Telegram where data export features are more accessible. In some cases, attackers later contact victims demanding payment in exchange for restoring access to their accounts.

Quazi Mahfujul Haque Supan, a forensic expert and former member of the Judiciary Reform Commission (JRC), told New Nation that the issue is compounded by international legal limitations. Many major platforms used in Bangladesh operate without local registration, making it difficult for authorities to investigate or trace cybercriminals without foreign cooperation.

“Bangladesh currently lacks formal agreements with other countries to facilitate efficient cybercrime investigations. As a result, responses from global tech platforms are often delayed, turning cybersecurity enforcement into a diplomatic challenge.”

Supan stressed the need for Bangladesh to join international frameworks such as the Budapest Convention, which would enable real-time cooperation and information sharing across borders. He also suggested that future cybersecurity legislation should clearly define coordination between government ministries to strengthen cross-border responses.

Beyond legal reforms, experts say prevention remains the most effective defense. Users are urged to avoid clicking on suspicious links, even if they appear to come from known contacts. Installing apps from unverified sources can also expose devices to Trojan malware, further increasing vulnerability.

Enabling two-factor authentication (2FA) is strongly recommended as an added layer of security, making it significantly harder for attackers to gain access even if login data is compromised.

The rise in such scams also highlights a growing digital literacy gap, particularly among young users. Many are drawn to platforms like Telegram due to perceived anonymity, peer influence, and access to restricted content. However, a lack of awareness about cybersecurity risks leaves them vulnerable to exploitation.

Experts warn that cybercriminals often manipulate or recruit teenagers into illegal online activities, turning them into either victims or unwitting participants in cybercrime networks. Meanwhile, limited digital oversight from parents and institutions further exacerbates the problem.

As Bangladesh continues its rapid digital transformation, the need for stronger cybersecurity awareness, legal infrastructure, and international cooperation has become more urgent than ever.