Boztek

Telekopye transitions to targeting tourists via hotel booking scam

The emergence of online marketplaces has coincided with a rise in fraudulent activities, wherein cybercriminals exploit unsuspecting buyers and sellers to harvest sensitive payment information. ESET researchers have identified an organized scam network utilizing the Telekopye toolkit, which has significantly widened its focus to include users of major accommodation booking platforms such as Booking.com and Airbnb. Initially reported in a two-part blog series in 2023, this toolkit is used by scam groups to perpetrate fraud in online settings.

Recent findings reveal the evolving nature of Telekopye operations, as these scam groups optimize their strategies to enhance their financial outcomes. The criminal networks have diversified their targeting methods and increased their victim pool, particularly during the summer holiday season when booking activity surges. Data indicates that scams aimed at accommodation platforms outpaced traditional marketplace scams in terms of frequency, reflecting a strategic shift in fraud efforts.

Telekopye operates as a Telegram bot, enabling scammers, referred to as “Neanderthals,” to partake in fraudulent schemes without requiring significant technical knowledge. With usage dating back to at least 2016, the toolkit facilitates a structured operation among scam groups, which function similarly to a business with defined roles and practices. These groups target a wide array of online services, including notable platforms like eBay and Vinted, and utilize various methods to deceive victims into entering payment information.

The new scam strategies targeting accommodation booking platforms involve Neanderthals impersonating representatives from legitimate hotels. They reach out to users regarding purported payment issues and direct them to counterfeit websites resembling the booking platforms. These phishing sites feature information relevant to the user’s actual bookings, making them difficult to detect. This tactic leverages compromised accounts from actual hotels, making the scams feel more credible as they often arrive through expected communication channels.

ESET’s tracking data shows detections of these accommodation-oriented scams rising substantially from July 2024, in line with the peak booking season. By August and September, detection levels for accommodation scams and traditional marketplace scams were comparable, marking a significant shift in Telekopye’s operational focus.

In addition to expanding their reach, Telekopye groups have introduced advanced features to streamline their fraudulent activities. These include automated phishing page generation, which speeds up scam operations, and interactive chatbots that keep victims engaged and make the conversation easier to manipulate. The groups also employ anti-DDoS tactics to protect their phishing websites from rival groups, which helps keep their operations running.

Law enforcement initiatives in late 2023 resulted in significant arrests of key figures operating within the Telekopye network, revealing deeper insights into recruitment and operational strategies. Many of the network’s members appeared to be middle-aged men from Eastern Europe and Central Asia who recruited individuals facing economic hardships, often under coercive conditions. This investigation disclosed concerning practices, including the retention of staff’s personal documents and threats to ensure compliance.

To mitigate the risks of falling victim to such scams, users are advised to remain vigilant and recognize the signs of fraud. Specific precautions include verifying the credibility of contacts on marketplace platforms, maintaining communication through official channels, and exercising caution with any links received. For those engaged in accommodation bookings, it’s vital to ensure that all transactions occur through official platforms and to remain aware of potential phishing attempts when redirected to unfamiliar websites.

Overall, ESET’s ongoing research into Telekopye underscores the sophistication and adaptability of cybercriminal networks leveraging these toolkits. As scams continue to evolve, heightened awareness and proactive measures remain essential for users to protect themselves against emerging threats in digital marketplaces.