75

I was playing an online game and I came in contact with this user. She was listed as from the same country as me (Egypt). So when she asked me for my cell phone number, I gave it to her. I figured it was to add me on WhatsApp so we can chat or something.

However, I instead received an SMS message (titled 'Telegram') with a number, and she asked me to tell her that number. I asked what it's for, she said that she's from Canada (not the country she listed on her avatar) and that she needs that code I received to connect with me, since I'm outside Canada.

At the same time, I received a phone call (no number appeared on my screen) with an automated message. I hung up before hearing that message.

I refused to give this girl the code I received via SMS and parted ways.

My questions:

  1. Was this a scam?
  2. If yes, did I prevent the scam by denying this user the code?
  3. If not, what's at risk? Is my bank account at risk, for instance? (I only gave the user my cell phone number. No name, no address, nothing else whatsoever)
  4. If I am at risk, what do I need to do to prevent any theft of my information, passwords, money, etc.?
user13267
  • 359
  • 6
  • 16
Dooma
  • 693
  • 1
  • 5
  • 8
  • 3
    https://telegram.org/faq is related to what she was trying to connect to you with, I think. I don't have any familiarity with Telegram so I don't know if the process flow you've described is typical. – Monica Apologists Get Out Mar 29 '18 at 16:36
  • 25
    Let's be progressive ! I'm sure there are some female scammers ;) (but yes, trying to pass for a girl/woman is a common way to get a (teenager?) man's attention) – Aaron Mar 30 '18 at 09:29
  • 11
    "So when she asked me for my cell phone number, I gave it to her" there's your first mistake. – Ian Kemp Mar 30 '18 at 13:38
  • 5
    Some websites send you a password reset code on the phone number you specified as "recovery phone". You give her code, she resets your password. Your case is different but relevant to your question in general. – Salman A Mar 30 '18 at 18:12
  • 13
    **DON’T CHANGE YOUR NUMBER!** You “wised up” before any real risk was incurred. There is no risk if you didn’t go past what was described in your original post. Had you gone further and given up more info, then maybe that is a risk. But at this point the risk is silly at best. Many phone numbers are public in some way so changing a number is rash… It’s only advisable if that number is connected to something and the scammer can connect the pieces. As it stands, utterly no risk but a wee bit of sweat from the stress of realizing that you *might* have been scammed. – Giacomo1968 Mar 31 '18 at 01:37
  • @JakeGould I provided my number to Google to be used in case I need to recover my account. Is that a problem? – Dooma Mar 31 '18 at 14:02
  • 1
    @Dooma Nope. You still own and control your number, right? Then that is fine. In general you are in a panic state right now because you became aware someone was preying on you that’s it. You were smart enough to stop before it went any further. – Giacomo1968 Mar 31 '18 at 19:53
  • What is your cell number? I can check for you. – NonCreature0714 Apr 02 '18 at 19:53

5 Answers5

111

Let's go through the process of what actually happened:

  • Telegram requires a cell phone number to be linked in order to create an account.

  • To verify that the number exists, they send out a verification code for you to enter in the app while creating the account.

  • This person obviously didn't want their own cell phone number to be linked to the Telegram account, which is an indication they might use it in malicious ways (terrorism, hacking, …), so:

  • They tried to set you up to get that code.

So to answer your questions:

  1. Was this a scam?

    I'd call it gray zone. But yes, someone did try to scam you for a Telegram verification code.

  2. If yes, did I prevent the scam by denying this user the code?

    Yes, you did well, using common sense :-)

  3. If not, what's at risk? Is my bank account at risk, for instance? (I only gave the user my cell phone number. No name, no address, nothing else whatsoever)

    That depends, how visible are you on the internet? If you have domain names registered with that number, they can find that. Facebook linked? They can likely find that depending on privacy settings. In brief, if you've linked that number to a lot of accounts, they might find those accounts and the information that's publicly in them.

  4. If I am at risk, what do I need to do to prevent any theft of my information, passwords, money, etc.?

    "At risk" is a heavy word in this situation. They just want a Telegram account; I find it likely they just moved on to one of the other 50 people they PMed while talking to you.

Just keep an eye open for "strange things" (like hacking attempts to other accounts etc.), research yourself with that phone number and see if what you can find needs changing.

Community
  • 1
Nomad
  • 2,359
  • 2
  • 11
  • 23
  • 4
    Thank you. I'm Facebook linked. The scammer can know my first and last name from it, date of birth, and Gmail address. Is this sufficient information the scammer can use to do this "social engineering" thing where they convince a customer service rep that they're me and gain access to something of mine? I don't have an online account for bank services, so I think my money is safe. – Dooma Mar 29 '18 at 17:49
  • 16
    Technically, yes. But I doubt it would be of any use. It's not like they can magically take over your gmail account and click on activation links etc. But as I said, I think in this situation, their goal was a Telegram account. There's much easier ways to hack people than social engineering based on a handful of public info! – Nomad Mar 29 '18 at 18:51
  • No problem! Don't forget to mark the answer as accepted if it has helped you, so others with the same question can find it as well! – Nomad Mar 29 '18 at 20:36
  • 6
    @Dooma You should make your birth date and email private on Facebook... – Bakuriu Mar 29 '18 at 21:48
  • 1
    @Bakuriu Did it. – Dooma Mar 29 '18 at 21:57
  • 10
    @Nomad, Perhaps, they thought that Dooma had an account on Telegram (since Telegram doesn't have encryption turned on by default, then that means they could have accessed his private messages if he had any). https://thehackernews.com/2016/08/hack-telegram-account.html – Stephan Branczyk Mar 29 '18 at 22:05
16

It could easily have led to a scam. The request was to get access to Telegram using your phone number.
Works just like Whatsaap, when you register, you enter your number and a code is sent to your phone.
This could easily be removed by re-registering Telegram on your phone where it would repeat the process but make the other user using it unusable.
You may not use Telegram but some of your contacts may use it, and may try to contact you because they see you on the app. They may be conned in the process as they could think its you. You were clever to think twice but next time avoid giving your number so freely.

FuruiTatsu
  • 163
  • 5
  • 3
    Sadly we cannot tell who has good intentions or not, so caution is everything, if someone asks for your contact ask them to send theirs first. You can easily know if its real or not at that point. – FuruiTatsu Mar 29 '18 at 20:57
  • 4
    Multiple applications can connect to the same telegram account, unlike whats app – Ferrybig Mar 30 '18 at 14:31
6

There's also the risk of targeted attacks to your smartphone by having your number (e.g. Android or iOS vulnerabilities) through MMS or SMS. But the risk is low.

If changing your number is not to burdensome, you might want to change it.

And kudos on your quick thinking!

user31925
  • 71
  • 2
  • Thanks. I'll see what I can do regarding a new number. – Dooma Mar 29 '18 at 18:35
  • 17
    Most automated attacks via MMS/SMS target a wide range of numbers. You're no more at risk to those attacks for having shared your number. If it is a targeted attack, then you may be in trouble, but this doesn't seem like a targeted attack. So changing your phone number seems a bit of an overreaction. – Neil Smithline Mar 29 '18 at 19:00
  • Interesting point. – Dooma Mar 29 '18 at 20:13
  • 2
    also, to protect against this, it's far more important to install system patches (aka updates) on the smartphone. – Display Name Mar 30 '18 at 10:49
  • The original poster should not change their number. There is no risk if they didn’t go past what was described in the original post. Had the original poster gone further and given up more info, then maybe that is a risk. But at this point the risk is silly at best. Many phone numbers are public in some way so changing a number is rash… It’s only advisable if that number is connected to something and the scammer can connect the pieces. As it stands, utterly no risk but a wee bit of sweat from the stress of realizing that one *might* have been scammed. – Giacomo1968 Mar 31 '18 at 01:36
6

Contrary to what one of the other answers said, I wouldn't change your number over this. Most of the nuisance stuff from having your number comes from bulk data collection services who resell it. This girl, whomever she is, just wanted to create an account for potentially negative purposes and thought you were a useful patsy (props for having some common sense to not feed her what she wanted). I seriously doubt she'll contact you again, or even share your number with anyone.

Had you given in, I suspect she would have strung you along and tried to get you to do other unwise things (you'd be amazed what people will do for a female voice and a pretty picture, not having met the person).

Machavity
  • 3,766
  • 1
  • 14
  • 29
  • 100% correct. The vast majority of phone numbers are public for the most part. The risk only comes if that phone number is somehow connected to something nefarious or some two-factor authentication scam. Either way, this was a “nibble” at a scam and not a scam. – Giacomo1968 Mar 31 '18 at 01:33
2

I understood her intention i.e she wants to open a telegram account with your number. Telegram is a good app to maintain privacy but remember criminals also use telegram to maintain their privacy. Hence why she wants to do such a thing so that no one can discover her identity.

Note: Telegram is encrypted so what I mean by identity is her location.

You are completely safe because you didn't give her the code. As I earlier said, telegram is best for maintaining security, privacy.

But next time don't give your number to an unknown person :)

FuruiTatsu
  • 163
  • 5
user70421
  • 21
  • 1