After two years, Telegram smishing is back, and account takeovers are here to stay

This report describes a renewed Telegram login smishing campaign in which phishing pages mimic Telegram, collect victims' phone numbers and login codes, and use user-agent bypass logic to avoid detection; compromised accounts can lead to leaked chats, personal data exposure, and secondary scams against contacts. It warns users not to follow unknown links, to avoid entering verification codes on external pages, and to enable two-step verification and session monitoring.