Fake Telegram Verification Code Theft Scam
Fraudsters impersonate Telegram or send messages through compromised accounts to trick users into sharing their Telegram login code, enabling a full account takeover.
Last reviewed: 7 June 2026
Telegram's registration and login system uses SMS or in-app codes to authenticate users. This simplicity is also a vulnerability: whoever possesses the current login code for a phone number can authenticate as that user on any device. Scammers have developed systematic methods to acquire these codes through social engineering.
Because Telegram is popular among journalists, activists, investors, and cryptocurrency communities, a compromised Telegram account can yield high-value intelligence, group memberships, private files, and contact details. This makes Telegram accounts disproportionately targeted.
The scam often works through Telegram itself: a hijacked account messages contacts asking them to forward a code 'that was sent by mistake', or a message purportedly from 'Telegram Support' asks users to confirm their number by entering the code.
How this scam uses the Telegram brand
Telegram sends login codes only when a user explicitly initiates a login on the official Telegram app or web client at web.telegram.org. The official Telegram service account — which appears in your chat list as 'Telegram' with a verified tick — sends security notifications inside the app. Telegram does not send codes via SMS asking you to confirm them elsewhere, and it does not message users from regular accounts.
A typical attack involves a message from a hijacked contact: 'Hey, I accidentally sent a Telegram code to your number, can you forward the digits?' The code is actually the attacker's login code for the victim's own account — once forwarded, the attacker logs in and the victim is expelled from their session.
Other variants involve a message from an account claiming to be 'Telegram Security Center' or 'Telegram Verification' with a blue checkmark that is fabricated through a username rather than genuine verification. These messages ask users to enter their phone number and confirm the code to 'verify their account status'.
Common red flags
- A contact asks you to forward a Telegram code that 'arrived on your phone by mistake' — this is always a scam
- A message from 'Telegram Support' arrives from a regular chat, not from the official system Telegram account
- You receive an SMS Telegram code you did not request — someone is attempting to log into your account
- A 'security alert' asks you to confirm your phone number and enter a code on an external website
- A bot or account asks for your phone number and the login code to 'prevent suspension'
- You are suddenly logged out of Telegram on your own device without changing your settings
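The message-based red flags above can serve as a first-pass filter for a community moderation bot or help-desk inbox. The following Python is an added example, not part of the original page or of any Telegram tooling; the message fields (`sender`, `is_service_account`, `text`), the flag labels and the sample messages are constructed assumptions.

```python
import re

# A verb asking the reader to hand over a code, in the same sentence as "code"/"digits".
ASK = re.compile(r"\b(forward|send|share|give|tell|enter|reply)\b[^.!?]{0,60}?\b(code|digits)\b", re.I)
# A warning such as "do not give this code to anyone" is not a request.
NEGATED = re.compile(r"\b(do not|don't|never)\s+$", re.I)
# Words tying the code to an account login rather than, say, source code.
LOGIN_CONTEXT = re.compile(r"telegram|log\s?in|verif|\bsms\b", re.I)
MISTAKE = re.compile(r"by mistake|accidentally|wrong number", re.I)
PRESSURE = re.compile(r"suspen|account status|confirm your (phone )?number", re.I)


def asks_for_code(text):
    """True if any non-negated phrase asks the reader to pass on a code."""
    return any(not NEGATED.search(text[:m.start()]) for m in ASK.finditer(text))


def triage(msg):
    """Return the red flags a message raises, as a list of short labels."""
    text, flags = msg["text"], []
    if asks_for_code(text) and LOGIN_CONTEXT.search(text):
        flags.append("code_request")
    if MISTAKE.search(text) and re.search(r"\b(code|digits)\b", text, re.I):
        flags.append("mistake_pretext")
    if "telegram" in msg["sender"].lower() and not msg["is_service_account"]:
        flags.append("support_impersonation")
    if PRESSURE.search(text):
        flags.append("account_pressure")
    return flags


# Constructed sample messages (not real traffic).
SAMPLES = [
    {"sender": "Alex", "is_service_account": False,
     "text": "Hey, I accidentally sent a Telegram code to your number, can you forward the digits?"},
    {"sender": "Telegram Security Center", "is_service_account": False,
     "text": "Your account will be suspended. Confirm your phone number "
             "and enter the code to verify your account status."},
    {"sender": "Telegram", "is_service_account": True,
     "text": "Login code: 12345. Do not give this code to anyone, even if they say they are from Telegram."},
    {"sender": "Priya", "is_service_account": False,
     "text": "Can you send me the code review notes before standup?"},
]

if __name__ == "__main__":
    for m in SAMPLES:
        print(m["sender"], triage(m))
```

The last two samples are the edge cases: a genuine notification that warns against sharing the code, and an unrelated use of the word "code", neither of which should raise a flag.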
How to protect yourself
- Enable Telegram's Two-Step Verification (Settings > Privacy and Security > Two-Step Verification), which adds a password requirement beyond the SMS code
- Never share a Telegram login code with anyone, regardless of the reason given
- Set up a username in Telegram so you do not need to give out your phone number to contacts
- Review active sessions in Settings > Privacy and Security > Active Sessions and terminate any you do not recognise
- Treat any unexpected SMS Telegram code as a signal that someone is actively trying to access your account
How to report it
- Report suspicious accounts within Telegram: open the profile, tap the three-dot menu, and select 'Report'
- Forward phishing messages to Telegram's official @notoscam or @SpamBot within the app
- Report to Action Fraud at actionfraud.police.uk (UK) or the FTC at reportfraud.ftc.gov (US)
- If your account was taken over, contact Telegram Support at telegram.org/support
Frequently asked questions
Does Telegram's official service account ever send security warnings by message?
Yes. The official 'Telegram' system account (which appears with a blue verified checkmark in your chat list) sends genuine security notifications such as login alerts. However, it never asks you to reply with a code or click a link to verify your account. Messages requesting codes from any account — including one that looks like Telegram — should be ignored.
What is Two-Step Verification on Telegram and why does it matter?
Two-Step Verification adds a password of your choosing as a second factor, in addition to the SMS or in-app code. Even if an attacker obtains your login code, they cannot log in without this password. It is the most effective single protection against Telegram account takeover.
My Telegram account was taken over. How do I get it back?
If you have Two-Step Verification enabled, you can terminate the attacker's session from another device using your password. If not, contact Telegram Support at telegram.org/support with your phone number. You can also re-register by requesting a new login code to your phone number, which will terminate other sessions.