As an open and free IM platform that supports privacy and anonymity, Telegram (hereinafter referred to as TG) is commonly used as the public platform for external communication and community formation in the cryptocurrency industry. 

Account theft and social engineering fraud targeting TG are flourishing, and data shows that many users or organizations have been attacked on TG with huge losses. Given the circumstances, the Amber Info-Security team has summarized the essential 5 security tips for you to protect your privacy on Telegram.

 

1. Enable Passcode Lock

By default, once you log in on Telegram with the mobile app, your Telegram account will remain active for 6 months unless you force log out or change your password. To protect your Telegram account from being compromised through unauthorized access (e.g., phone stolen, illegally accessing phone to text without permission), you are strongly recommended to enable “Passcode Lock”. This will make sure that when you switch between Telegram and other mobile apps, a passcode authentication is required when re-opening Telegram. Fingerprint ID and Face ID are supported for authentication based on the specific mobile phone model. 

Here’s how to enable Passcode Lock.

​

2. Enable Two-Step Verification

To strengthen your account security and protect it from being hacked (e.g., Brute force attacks, change number, password leakage, etc.), please enable Multi-Factor Authentication ("MFA"). 

3. Privacy Setting

By default, privacy data remains open to the public. For example, your phone number is public by default. Thus, we strongly recommend you to revisit and update your privacy setting. 

Set the permissions for various privacy data. It is strongly recommended to set private the following pieces of info: "My Contacts" for Phone Numbers, Last Seen & Online, calls, Groups, and Channels.

 

4. Telegram unique account identifier

By default, Telegram displays your username (nickname) in the dialog box. You can change the nickname as you please and thus it is not unique. As a result, attackers can easily create fake accounts using your nickname. If necessary, the legitimacy of the corresponding alias can be verified by identifying the unique ID on the account page, in the channel, through a bot, and in the group chat.

 

Channel and Public Group

Tap the channel or group icon, enter "Information page", and find "Invite Link", examples of t.me/[xxxxxx], where the suffix address after t.me is the unique identifier.

 

Individual Account and Bot

Tap on the profile picture, enter the user profile page, and find the username (e.g., @xxxxxxx) or phone number. This is the unique identifier. Although the nickname can be changed, the username in the user profile page is unique so that the attacker cannot create an identic one.

             

 

5. View Active Session 

You can check all of your device-logged records and active sessions under Settings > Devices. If you find any suspicious device login record, please report it to Info-Security immediately.