Telegram Accounts Hijacked Using Default Voicemail Passwords

Israeli cybersecurity experts have raised alarms over a wave of cyberattacks exploiting voicemail systems to hijack Telegram accounts.

The Israeli Internet Association issued a public alert after observing a sharp increase in incidents, believed to be part of a larger campaign originating from Bangladesh and Indonesia.

These attacks have targeted both existing Telegram users and individuals who have never registered on the platform, including minors.

Yonatan Ben Hurin, director of the Safe Internet Help Line, described the campaign as “persistent and invasive,” highlighting its ability to access users’ personal voicemail systems.

Unlike phishing attempts commonly seen on platforms like WhatsApp, this method leverages vulnerabilities in voicemail security to gain unauthorized access to Telegram accounts.

Exploiting Default Voicemail PINs

The attackers exploit a widespread security flaw: many users fail to change their default voicemail PINs, which are often set to simple combinations like “1234.”

The attack begins with hackers initiating a Telegram login for the victim’s account.

If the SMS verification code is bypassed, Telegram sends the code via a voice call. When the victim does not answer, the code is left in their voicemail.

Using default PINs, hackers remotely access the victim’s voicemail and retrieve the verification code.

According to the report, this allows them to log into the Telegram account, disconnect all devices linked to it, and lock out the original user.

In some cases, attackers also make decoy calls from foreign or masked numbers, often using Bangladeshi dialing codes, to ensure that victims miss the verification call.

Once inside an account, hackers impersonate victims to scam contacts, distribute malicious content, or engage in phishing schemes.

Some victims reported that their profile pictures were replaced with images of attractive women, potentially as part of social engineering tactics aimed at extortion or fraud.

Broader Implications and Protective Measures

The cyber campaign appears linked to broader geopolitical tensions following Israel’s ongoing conflict in Gaza.

While it remains unclear whether these attacks aim to spread terror or are purely criminal in nature, experts emphasize their invasive nature and potential for significant harm.

To safeguard against such threats, cybersecurity experts strongly advise users to take the following measures:

  • Disable voicemail services or change default PINs to strong, unique combinations.
  • Enable two-step verification on Telegram through the app’s settings under “Privacy and Security.”
  • Monitor for suspicious activity such as alerts about email changes or logins from unknown devices. If detected, remove unauthorized email addresses and terminate all other active sessions via Telegram’s device management settings.
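
To make "strong, unique" concrete for the first measure, here is a PIN check a user or voicemail administrator could run before accepting a new PIN. It is an added example, not code from the report or from any carrier; the function names, the sample list of common PINs, and the six-digit minimum are assumptions.

```python
# Added example: voicemail PIN policy check. All names here are hypothetical.
COMMON_PINS = {"1234", "0000", "1111", "1212", "4321", "123456", "000000"}  # constructed sample list

def _is_sequence(pin: str) -> bool:
    """True if every digit steps by +1 or -1 (wrapping 9->0), e.g. 1234, 9876, 7890."""
    steps = {(int(b) - int(a)) % 10 for a, b in zip(pin, pin[1:])}
    return steps == {1} or steps == {9}

def _is_repeated_block(pin: str) -> bool:
    """True if the PIN is one shorter block repeated, e.g. 1111, 1212, 123123."""
    n = len(pin)
    return any(n % k == 0 and pin == pin[:k] * (n // k) for k in range(1, n // 2 + 1))

def pin_weaknesses(pin: str, phone_number: str = "", min_len: int = 6) -> list[str]:
    """Return the reasons a voicemail PIN should be rejected (empty list = acceptable).

    min_len=6 is an assumed policy value; some systems only allow 4 digits.
    """
    if not (pin.isascii() and pin.isdigit()):
        return ["not numeric"]
    reasons = []
    if len(pin) < min_len:
        reasons.append("too short")
    if pin in COMMON_PINS:
        reasons.append("common default")
    if _is_sequence(pin):
        reasons.append("sequential digits")
    if _is_repeated_block(pin):
        reasons.append("repeated pattern")
    # A PIN taken from the subscriber's own number is guessable by anyone who can call it.
    digits = "".join(c for c in phone_number if c.isdigit())
    if digits and (pin in digits or pin[::-1] in digits):
        reasons.append("derived from phone number")
    return reasons

if __name__ == "__main__":
    # Constructed sample inputs; the phone number uses the fictional 555 range.
    for candidate in ("1234", "1212", "555012", "839152"):
        print(candidate, pin_weaknesses(candidate, phone_number="+1 202 555 0123"))
```
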

For those already locked out of their accounts, Telegram offers a one-week waiting period to reset associated emails.

Alternatively, users subscribed to Telegram Premium can recover accounts immediately via SMS.

The Israeli Internet Association continues to monitor the situation and urges users to remain vigilant against evolving cyber threats.


Mandvi
Mandvi is a Security Reporter covering data breaches, malware, cyberattacks, data leaks, and more at Cyber Press.
