Credentials are posted to the Telegram API and the user is redirected. (Source: Cofense) A recently discovered phishing campaign attempted to steal victims' credentials by abusing the Telegram messaging app's API to create malicious domains that help bypass security tools such as secure email gateways, according to researchers at security firm Cofense. This particular phishing attack appeared active in mid-December 2020 and has since stopped. The targets of these malicious emails mainly worked in the U.K. financial services sector, Cofense notes. While the Telegram application offers secure, encrypted communication channels for its users, the Cofense report notes that the service also offers API options that can allow users to create programs that use the app's messages for an interface. In this case, the fraudsters used the APIs to create realistic-looking phishing domains that bypassed security tools.