Customize Consent Preferences

We use cookies to help you navigate efficiently and perform certain functions. You will find detailed information about all cookies under each consent category below.

The cookies that are categorized as "Necessary" are stored on your browser as they are essential for enabling the basic functionalities of the site. ... 

Always Active

Necessary cookies are required to enable the basic features of this site, such as providing secure log-in or adjusting your consent preferences. These cookies do not store any personally identifiable data.

No cookies to display.

Functional cookies help perform certain functionalities like sharing the content of the website on social media platforms, collecting feedback, and other third-party features.

No cookies to display.

Analytical cookies are used to understand how visitors interact with the website. These cookies help provide information on metrics such as the number of visitors, bounce rate, traffic source, etc.

No cookies to display.

Performance cookies are used to understand and analyze the key performance indexes of the website which helps in delivering a better user experience for the visitors.

No cookies to display.

Advertisement cookies are used to provide visitors with customized advertisements based on the pages you visited previously and to analyze the effectiveness of the ad campaigns.

No cookies to display.

a man holding a tablet with showing an online booking site

ESET researchers have discovered that the Telekopye organized network of fraudsters has expanded its operations to target users of popular booking platforms.

Telekopye is a set of tools that works like a Telegram bot. ESET, s.r.o., is a software company specializing in cybersecurity.

The network has also increased the sophistication of the selection of victims and the imitation of booking websites, making phishing pages even more credible than those used so far. Telekopye is a set of tools that works like a Telegram bot, turning online marketplace scams into organized illicit businesses.

It is used by dozens of fraudulent groups with up to thousands of members to steal millions of euros from their victims. ESET presented its latest findings on Telekopye at the Virus Bulletin 2024 conference. In the Telekopye scam network, members refer to the targeted buyers and sellers as Mammoths. The fraudsters, called Neanderthals by ESET researchers, require little or no technical knowledge – Telekopye takes care of everything in a matter of seconds.

According to ESET’s telemetry, booking fraud began to gain momentum in 2024. Accommodation fraud saw a sharp increase in July, overtaking Telekopye’s online marketplace scams for the first time, with more than double the number of detections. In August and September, the two categories remained at similar levels.

The growing popularity of online marketplaces has attracted cyber criminals who take advantage of unsuspecting buyers and sellers, looking to obtain credit card details rather than bargains. Since this increase in booking fraud coincides with the summer vacation season in the targeted regions – a prime time to take advantage of people booking stays – it remains to be seen whether this trend will continue.

Based on data from 2024, these new scams have accumulated approximately half the detection numbers of the online marketplace variants. The new scams focus mainly on two platforms – Booking.com and Airbnb – compared to the wide variety of online marketplaces targeted by Telekopye.

In this new scam scenario, fraudsters send an email to a target user of one of these platforms, claiming a problem with the payment of their booking. The email contains a link to a well-designed, legitimate-looking web page that mimics the platform used. The page contains pre-filled information about a booking, such as check-in and check-out dates, price and location – and the information provided on the fraudulent pages matches the actual bookings made by the targeted users.

The fraudsters achieve this by using compromised accounts of legitimate hotels and accommodation on the platforms, which they probably obtain by buying stolen credentials on cybercriminal forums. Through their access to these accounts, the fraudsters select users who have recently booked a stay and have not yet paid, or have paid very recently, and target them. This approach makes fraud much more difficult to detect, since the information provided is personally relevant to the victims and the websites look as expected. The only visible signs that something is wrong are the URLs of the websites, which don’t match the legitimate, impersonated sites.

Radek Jizba, ESET researcher who discovered and analyzed Telekopye.

As well as diversifying their target portfolio, the Neanderthals also tried to improve their tools and operations to increase their earnings. “Before filling in any form related to your booking, always make sure you haven’t left the official website or app of the platform in question.

Being directed to an external URL to proceed with the booking and payment is a strong indicator of fraud,” advises Jizba. At the end of 2023, after ESET published its two-part series on Telekopye, Czech and Ukrainian police arrested dozens of cybercriminals using Telekopye, including key players, in two joint operations. Both operations targeted an unspecified number of Telekopye groups, which had accumulated at least 5 million euros since 2021, based on police estimates.

Airbnb’s future, where people pay their rent via Airbnb

ESET – WIKI

Leave a Reply

Your email address will not be published. Required fields are marked *