Hamster Kombat Users Face Telegram Account Theft
According to Kaspersky Lab, Russian players of Hamster Kombat are being targeted by phishing attacks. Scammers are offering users the chance to withdraw funds from the game and convert them into rubles.
Experts report that in the first half of 2024, the number of attempts by Russian users to access various phishing sites imitating Telegram increased by almost 22% compared to the previous year. Meanwhile, cybercriminals are constantly coming up with new schemes to trick users into giving up their messenger account credentials.
How the Scam Works
In the latest scheme, scammers send Russian users links to phishing sites that supposedly allow them to withdraw coins from Hamster Kombat and convert them into rubles. However, to do this, users are asked to log in to Telegram by entering their credentials on a fake page.
Of course, no conversion actually takes place. Instead, the scammers simply steal access to the victims’ Telegram accounts.
Phishers’ Main Goal
The main objective of the phishers is to obtain the victim’s phone number and confirmation code. With access to these accounts, scammers can use them for various purposes, including stealing confidential data, blackmail, and sending fraudulent messages to the victim’s contacts, researchers warn.
“Account theft in messengers has long been a relevant cyber threat for Russian users. Attackers often use phishing schemes for this purpose. They lure people to fake pages using sensational topics and attractive stories. For example, in the case of Hamster Kombat, scammers claimed that the payout would occur within 15 minutes after successful authorization in Telegram,” commented Olga Svistunova, Senior Content Analyst at Kaspersky Lab.
Other Hamster Kombat-Related Scams
It’s worth noting that scammers are already exploiting other schemes related to Hamster Kombat. For example, they sell referrals that are mostly inactive, copy the Hamster Kombat app and try to obtain victims’ Telegram account credentials, seed phrases for their crypto wallets, or simply sell paid boosts in an attempt to extract money from victims.