Executive Summary
- 01.Real companies require document trails (ATS). Telegram deletes them.
- 02.Recruiters communicate via corporate email, not encrypted apps.
- 03.A request to "Switch Apps" is the #1 indicator of a pivot scam.
The Anatomy of the Trap
It usually starts on LinkedIn or Indeed. The hook is set, and then comes the "Pivot." Here is exactly what the script looks like:
Fig 1. The common "Pivot" script used to move victims off safe platforms.
1. The Corporate "Chain of Custody"
HR logs everything. Interviews are conducted via corporate email, Zoom, or Teams so that legal compliance (EEOC) data is preserved in an Applicant Tracking System (ATS).
Telegram is designed for secrecy. Scammers use it because they can "Delete for Everyone" instantly. When you realize your money is gone, the evidence is gone too.
2. Domain Authority vs. Obscurity
Legitimate identity relies on DNS. If I email you from @google.com, Google's servers verify me.
Why Telegram fails verification:
- Anyone can claim the username @Amazon_HR_Manager.
- Anyone can copy/paste a company logo as their avatar.
- There is NO way to trace a Telegram user back to a corporate entity.
3. The File Transfer Payload
Telegram allows transferring huge files with zero friction. Scammers often say: "Please review the Job Contract attached."
It's not a PDF.
It is often an executable script (masked as .scr or .exe). Because you trust the context of an "interview," you bypass your PC's security warnings. This malware scrapes your browser for saved passwords immediately.