New Telekopye Scam Toolkit Targeting Booking.com and Airbnb Users

ESET Research found the Telekopye scam network targeting Booking.com and Airbnb. Scammers use phishing pages via compromised accounts to steal personal and payment details from travelers.

A recent investigation by ESET Research into the Telekopye scam toolkit network has highlighted a problematic development- the network’s expansion to target popular accommodation booking platforms like Booking.com and Airbnb.

ESET researchers reported a substantial increase in accommodation-themed scams in July 2024, surpassing Telekopye’s original marketplace-targeted scams for the first time. By leveraging compromised accounts of legitimate hotels and accommodation providers, these scammers create highly convincing phishing pages designed to steal personal and financial information from unsuspecting travelers.

**What is the **Telekopye Toolkit?****

Telekopye is a sophisticated toolkit that enables cybercriminals to launch online marketplace scams at scale. Operated by organized groups with thousands of members, Telekopye provides scammers with the tools and infrastructure needed to execute their fraudulent schemes efficiently.

Telekopye scammers, called “Neanderthals,” are targeting accommodation booking platforms through a variety of deceptive strategies. This includes compromised accounts, targeted emails, personalized phishing pages, and stolen payment information.

Neanderthals acquire legitimate accommodation provider accounts, likely through stolen credentials purchased on cybercriminal forums. Using these accounts, they send emails to users (Mammoths) with recent bookings, claiming a payment issue.

According to ESET’s report shared with Hackread.com, the email contains a link to a seemingly legitimate webpage mimicking the booking platform. The page includes pre-filled information about the user’s specific booking, making it highly believable. Once victims click on the phishing link, they are directed to a page designed to steal their personal and financial information, including credit card details.

“Throughout our tracking of Telekopye, we’ve observed that different Telegram groups implement their own advanced features into the toolkit, aimed at speeding up the scam process, improving communication with targets, protecting phishing websites against disruption by competitors, and other goals.”

Jakub Souček and Radek Jizba -C ybersecurity researchers – ESET

****The Growing Threat****

Telekopye scams have seen a notable surge in activity, particularly targeting Booking.com and Airbnb users during the summer holiday season. This indicates a growing trend and the need for increased attention from travelers.

Screenshots show fake Booking.com form and fake Booking.com payment created with the Telekopye toolkit (Via ESET)

It is worth noting that in late 2023, Czech and Ukrainian police arrested tens of cybercriminals using Telekopye, including key players, in two joint operations following ESET Research’s series. The operations targeted an unspecified number of Telekopye groups, which had accumulated at least €5 million /US$ 5.5 million since 2021.

The arrests helped identify their recruitment and employment practices, indicating that it was primarily managed by middle-aged men from Eastern Europe and West and Central Asia.

To protect yourself from Telekopye scams, always verify platform communication with official representatives and avoid clicking on external links. Be cautious of unusual requests for payment or additional information.

Additionally, use strong security practices, such as strong passwords and two-factor authentication. By understanding the Telekopye threat and implementing these protective measures, travelers can significantly reduce their risk of falling victim to these sophisticated scams.

1. RIG Exploit Toolkit Drops CeidPageLock Malware to Hijack Browsers
2. New GEOBOX Tool Hijacks Raspberry Pi, Lets Hackers Fake Location
3. Telegram Android Vulnerability “EvilVideo” Sends Malware as Videos
4. FishXProxy Phishing Kit Making Phishing Accessible to Script Kiddies
5. New V3B Phishing Kit Steals Logins and OTPs from EU Banking Users