The following text comes from a press release and in no way reflects the opinion of the editorial staff.
● Telekopye Groups expanded their targeting to accommodation booking platforms Booking.com and Airbnb.
● Attackers use compromised accounts of legitimate hotels and accommodation tenants.
● According to ESET telemetry, these scams were very prevalent during the summer holidays in the targeted regions and surpassed scams in Telekopye markets.
October 10, 2024 – ESET researchers discovered that Telekopye, an organized scam network, has expanded its operations and is targeting users of Booking.com and Airbnb platforms. They also improved their victim selection and targeting of the two booking sites, where the phishing pages are even more credible than those of traditional online marketplaces. Telekopye, a toolkit that functions like a Telegram bot, turns online marketplace scams into illicit organized activities. It is used by dozens of scam groups with up to thousands of members to steal millions of euros from their victims. ESET presented these findings at the Virus Bulletin 2024 conference.
In Telekopye’s network, scammers refer to targeted buyers and sellers as Mammoths. The scammers are called Neanderthals by ESET researchers and need little to no technical knowledge, Telekopye takes care of everything in seconds. According to ESET telemetry, booking scams gained ground in 2024. Accommodation scams saw a sharp increase in July, surpassing those on Telekopye marketplaces for the first time, with more than double the number of detections. In August and September, both categories continued at similar levels.
The popularity of online marketplaces attracts fraudsters who prey on unsuspecting buyers and sellers, seeking credit card information rather than good deals. The increase in booking scams coincides with summer holidays in targeted regions. According to 2024 data, these scams account for approximately half of marketplace variant detections. The new scams focus on the Booking.com and Airbnb platforms, compared to the variety of online marketplaces targeted by Telekopye.
In this scenario, scammers send an email to a targeted user of one of these platforms, citing a problem with the payment of their reservation. The email contains a link to a legitimate-looking web page imitating the abused platform. The page contains pre-filled information about a reservation, arrival and departure dates, price and location. The information provided on the fraudulent pages corresponds to the actual reservations made by the targeted users.
“Scammers achieve this by using compromised accounts of legitimate hotel and accommodation providers on the platforms, likely obtained by purchasing credentials on cybercriminal forums. Accessing these accounts, scammers target users who have recently booked a stay and have not yet or very recently paid,” explains Radek Jizba, the ESET researcher who discovered Telekopye. “This approach makes the scam harder to spot because the information provided is relevant to the victims and the websites look like they expect them to. The only signs of a problem are the website URLs, which do not match the spoofed legitimate sites,” he adds.
“Before filling out any form related to your reservation, make sure you have not left the official website or app of the relevant platform. Being redirected to an external URL to proceed with booking and payment is an indicator of a scam,” concludes Jizba.
In late 2023, after ESET published its results on Telekopye, Czech and Ukrainian police arrested dozens of cybercriminals using Telekopye, including key players. These operations targeted an unknown number of Telekopye groups, which, according to police estimates, had accumulated at least 5 million euros since 2021.
For a more detailed analysis of Telekopye, see the ESET Research white paper at www.welivesecurity.com “Marketplace scams: Neanderthals hunting Mammoths with Telekopye”
Related News :