Amid a rise in Telegram-based scams affecting users across India, cybersecurity researchers have identified several concerning patterns. Fraud actors are increasingly using the platform’s encrypted channels to circulate fake investment opportunities, lottery claims, and job offers. These schemes often lead to financial losses, identity theft, and malware infections through phishing links and malicious files. Data from the Indian Cybercrime Coordination Centre indicates that more than ₹1,100 crore was lost to digital-arrest and investment frauds during the first half of 2025, with a notable share linked to Telegram bots and private groups posing as legitimate services.

Analysis from a malware research facility shows that scammers typically initiate contact through public Telegram channels using messages that promise high returns from cryptocurrency or stock trading. Victims are then moved into private chats, where pressure tactics escalate. These include fabricated proof of profits, deepfake videos, and repeated requests for urgent fund transfers. Investigators have also documented “pig butchering” operations, in which attackers build trust over extended periods before directing victims to scan QR codes that redirect UPI payments or download trojanized applications disguised as trading tools. Law enforcement recoveries, including a ₹50 crore seizure connected to a Telegram-linked sextortion network in Delhi, illustrate the scale and sophistication of these operations. Telegram’s end-to-end encryption can limit visibility into malicious activity, while its large user base in India—estimated at over 200 million accounts—creates opportunities for wide-scale targeting. A common misconception that private chats are inherently safe has contributed to increased exposure to account compromise, ransomware, and financial fraud. Ongoing monitoring shows that scam operators are now using AI-generated voices and cloned profiles to impersonate family members or officials, increasing the effectiveness of psychological manipulation.

Researchers note that technical controls at the device level can help detect suspicious behavior, such as malicious downloads or phishing payloads, before harm occurs. At the same time, user awareness remains critical. Cybersecurity advisories recommend treating unsolicited Telegram messages with caution, avoiding unknown links, QR codes, or file downloads, and verifying claims directly through official channels such as bank applications or government websites. Additional measures include enabling two-factor authentication, restricting unknown group invitations, and reporting suspicious accounts within the platform.

In cases of suspected fraud, users are advised to immediately secure financial accounts, report incidents via the national cybercrime portal, and preserve relevant digital evidence to support investigation and response efforts.

Join the community of 2M+ industry professionals.

Subscribe to Newsletter to get latest insights & analysis in your inbox.

All about ETCISO industry right on your smartphone!