How to Spot Telegram Group Scams

It’s late. You’ve just joined a Telegram group for some coin and you’re lurking through recent messages, when an account with a profile picture that looks just like the project’s official logo @s you and slides into your DMs:

“Hey, saw your question in the group. I’m one of the core team at @ProjectName_Team — we’re running a whitelist insider round right now, limited spots. I’ve reserved one for you. Link’s below — just connect your wallet, deadline in 30 minutes.”

It looks reasonable. The name, the picture, the wording all read like an official account, and there’s a ticking clock. You click. You connect. You sign one transaction — and seconds later your wallet is empty.

That’s not an unusual story. It’s one of the standard scripts on Telegram crypto groups. This piece walks through the most common formats, then hands you a short list of signals that almost never miss.

The most common Telegram scam shapes

Fake project team / fake admin. The scammer copies the project’s logo and name — often swapping one letter, adding an underscore, or replacing capital I with lowercase l — lurks in the official group, and DMs anyone who asks a question. Everything is dressed up as official, but real projects almost never DM users out of nowhere.

Fake support (wallets and exchanges). You mention “my withdrawal is stuck” in a group, and within minutes an account labeled “MetaMask Support” or “Binance Help” DMs you, asking you to “verify your seed,” “enter your private key on this page,” or “connect via WalletConnect.” Without exception, all of these are scams. Real wallet and exchange support never asks for your seed phrase or private key. See the fake support scam.

Fake airdrop / fake claim page. “New project airdrop — first 1,000 wallets to connect, claim instantly.” The page mirrors the real project, but the moment you sign, what you’re approving is an unlimited transfer of your USDT, or full operator rights over your NFTs. See the fake airdrop claim scam.

Drainer bots embedded in links. “Use this bot to join our presale — send ETH and it’ll auto-return tokens.” The group is salted with dozens of “I just got my returns!” screenshots to build atmosphere. Send ETH and the bot just shows you a fake “transaction confirmed” while returning nothing.

Sock-puppet accounts setting the scene. A new project group is full of accounts that look like ordinary users, chatting: “Just deposited 0.5 ETH, already doubled!” “This round is solid, ends tomorrow.” Those are all the scammer’s own accounts, manufacturing FOMO around the main pitch.

KOL / admin impersonation. Same name as a known group KOL with one letter changed, same avatar, lurking a while, then DMing “exclusive signals” or “private coaching.” More dangerous than the public market because the disguise is deeper and the pitch arrives uninvited.

A short list of signals that almost never miss

The shapes change; the triggers stay the same. Hit one of these and pause. Hit two and you can treat it as a scam outright.

They DM you first. You didn’t message them — they came to you. This is the single most reliable signal for Telegram crypto scams. Real projects, support, and KOLs almost never DM strangers about money.

They ask for your seed phrase / private key / wallet import code. Any such request, no matter how professional or how urgent the wrapper — it’s a scammer. No exceptions.

“Just connect and sign — it’s quick.” The trick isn’t the “connect” — it’s “sign what.” One malicious signature can drain tokens and NFTs from your account while the front end only says “connected.” See approval phishing.

Pressure, deadlines, scarcity. “10 minutes left,” “first 100 only,” “ends tonight.” Manufactured urgency is at the heart of every script — stopping you from thinking calmly is its actual job.

Near-identical avatars and usernames. @MetaMask_Support_ vs. @MetaMaskSupport. @VitalikButerin vs. @VitaIikButerin (capital I swapped for lowercase l). Tap the account, check registration date and shared groups — a few seconds is enough to bust the disguise.

They push a redirect link. Scammers love short URLs, redirector domains, fake Google Docs or Telegram-invite shells. Real project announcements typically link straight to the official domain.

They want you to install a new wallet, extension, or desktop client. “We have a dedicated app — install it and we’ll send you tokens.” Whatever you install here is usually a counterfeit wallet or a drainer. See fake wallet apps and extensions.

How to lurk safely

• Block DMs from strangers: Telegram’s “Who can send me messages” can be set to “My Contacts.” That alone kills most phishing.
• Don’t post specific problems publicly: saying “my wallet is stuck, address is 0xabc…123” is handing the scammers a target list.
• Refuse every “let me handle that for you”: any group member offering to take over or asking for your seed — block immediately.
• Use official channels for official info: project website, official announcement channel, official Twitter. Don’t trust screenshots forwarded in random groups.
• Don’t click DM links: even from accounts that look like people you know — verify the person on another channel first.
• Read the transaction before signing: when the wallet prompts, check whether it’s a transfer or an approval, whether the destination is one you know, and whether the amount is unlimited. See basic crypto security habits.

Common questions

• A big KOL DM’d me to coach my trading — is that legit? No. Even huge KOLs almost never DM strangers about money. This is exactly the slot impersonators fill.
• They showed me an “official verification screenshot” — does that prove it? Screenshots and badges are trivial to fake. Don’t look at the screenshot, look at the account itself — registration date, shared groups, message history.
• Adding a bot looks convenient — is it safer? The opposite. Telegram bots have no strong identity check, anyone can spin up a clone.
• Live “earnings screenshots” in the group — does that mean the project is real? Reverse it: the more screenshots, the more it reads like a performance, the more suspicious.

On Telegram, “they came to you” is itself a red flag

Back to the opening DM. Every part is engineered: timed to land right when you’ve just joined and don’t know who’s who, dressed in an official-looking name, wrapped in a deadline. The whole script exists to keep you from thinking.

Spotting Telegram group scams doesn’t require security expertise. Hold on to one rule and you’re already ahead: on Telegram, “they came to you” is itself a red flag. You didn’t message them — they messaged you. No matter how polished the wrapper, treat it as a scam by default. Stack on “never share the seed, never sign on an unknown page, never let anyone rush your decisions,” and you’ve already dodged most of the hooks. This article is for education only, not financial advice.