Press Center

Malware and antivirus software

News

ESET Research: Telekopye scammer network targets Booking.com and Airbnb

Created: 2024-10-14 04:05:10

  • ESET Research released new findings on Telekopye, a scam toolkit designed to help cybercriminals defraud people on online marketplaces.
  • Telekopye groups have expanded their targeting to popular accommodation booking platforms, such as Booking.com and Airbnb.
  • The attackers are utilizing compromised accounts of legitimate hotels and accommodation renters.
  • These scams were especially prevalent in the summer holiday season in the targeted regions, surpassing Telekopye's marketplace scams in ESET telemetry.

PRAGUE, BRATISLAVAOctober 10, 2024 — ESET researchers discovered that the organized scammer network Telekopye has expanded its operations to target users of popular accommodation booking platforms like Booking.com and Airbnb. They have also increased the sophistication of their victim selection and of targeting the two booking sites, where the phishing pages are even more believable than regular online marketplace ones. Telekopye is a toolkit that operates as a Telegram bot turning online marketplace scams into illicit organized business. It is used by dozens of scam groups with up to thousands of members to steal millions of euros from their victims. ESET Research presented the latest findings about Telekopye at the 2024 Virus Bulletin conference.

In the Telekopye scammer network, the scammers refer to the targeted buyers and sellers as Mammoths. The scammers, called Neanderthals by ESET researchers, require little to no technical knowledge – Telekopye takes care of everything in a matter of seconds. According to ESET telemetry, the booking scams started gaining traction in 2024. The accommodation-themed scams saw a sharp uptick in July, surpassing Telekopye’s marketplace scams for the first time, with more than double the detections. In August and September, the two categories continued at similar levels.

The growing popularity of online marketplaces has attracted fraudsters preying on unsuspecting buyers and sellers, looking to score credit card information rather than bargains. As this booking scam increase coincides with the summer holiday season in the targeted regions – prime time for taking advantage of people booking stays – it remains to be seen if this trend continues. Based on the 2024 data, these newer scams have amassed approximately half of the detection numbers of the marketplace variants. The newer scams focus mainly on two platforms – Booking.com and Airbnb – compared to the wide variety of online marketplaces targeted by Telekopye.

In this new scam scenario, scammers send an email to a targeted user of one of these platforms, claiming an issue with their booking payment. The email contains a link to a well-crafted, legitimate-looking web page mimicking the abused platform. The page contains prefilled information about a booking, such as the check-in and check-out dates, price, and location – and the information provided on the fraudulent pages matches real bookings made by the targeted users.

“The scammers achieve this by utilizing compromised accounts of legitimate hotels and accommodation renters on the platforms, which they most likely obtain through purchasing stolen credentials on cybercriminal forums. Using their access to these accounts, the scammers single out users who recently booked a stay and haven’t paid yet – or paid very recently – and target them,” explains ESET researcher Radek Jizba, who discovered and analyzed Telekopye. “This approach makes the scam much harder to spot, as the information provided is personally relevant to the victims and the websites look as expected. The only visible signs of something being amiss are the websites’ URLs, which do not match the impersonated, legitimate websites,” he adds.

Besides diversifying their target portfolio, Neanderthals have also tried to improve their tools and operations to increase their gains.

“Before filling out any forms related to your booking, always make sure you haven’t left the official website or app of the platform in question. Being directed to an external URL to proceed with your booking and payment is a strong indicator of a scam,” advises Jizba.

In late 2023, after ESET Research had published its two-part series on Telekopye, Czech and Ukrainian police arrested tens of cybercriminals utilizing Telekopye, including the key players, in two joint operations. Both operations were aimed against a further unspecified number of Telekopye groups, which had accumulated at least €5 million since 2021, based on police estimates.

For a more detailed analysis about the latest Telekopye activities, check out the latest ESET Research whitepaper “Marketplace scams: Neanderthals hunting Mammoths with Telekopye” on WeLiveSecurity.com. Make sure to follow ESET Research on Twitter (today known as X) for the latest news from ESET Research.




About ESET
ESET develops software solutions that deliver instant, comprehensive protection against evolving computer security threats. ESET pioneered and continues to lead the industry in proactive threat detection. ESET NOD32 Antivirus, its flagship product, consistently achieves the highest accolades in all types of comparative testing and is the foundational product that builds out the ESET product line to include ESET Smart Security. ESET Smart Security is an integrated antivirus, antispyware, antispam and personal firewall solution that combines accuracy, speed and an extremely small system footprint to create the most effective security solution in the industry. Both products have an extremely efficient code base that eliminates the unnecessary large size found in some solutions. This means faster scanning that doesn’t slow down computers or networks. Sold in more than 160 countries, ESET has worldwide production headquarters in Bratislava, SK and worldwide distribution headquarters in San Diego, U.S. ESET also has offices in Bristol, U.K.; Buenos Aires, AR; Prague, CZ; and is globally represented by an extensive partner network. For more information, visit our local office at https://eset.version-2.sg.

About Version 2 Limited
Version 2 Limited is one of the most dynamic IT companies in Asia. The Company develops and distributes IT products for Internet and IP-based networks, including communication systems, Internet software, security, network, and media products. Through an extensive network of channels, point of sales, resellers, and partnership companies, Version 2 Limited offers quality products and services which are highly acclaimed in the market. Its customers cover a wide spectrum which includes Global 1000 enterprises, regional listed companies, public utilities, Government, a vast number of successful SMEs, and consumers in various Asian cities. For more information, please visit https://www.version-2.com.sg/ or call (65) 6296-4268.

Why ESET?

ESET has over 25 years' experience of helping people to Enjoy Safer Technology. Our software is light on hardware, but hard on malware.

Our Technology

ESET’s award-winning NOD32® Antivirus technology is at the cutting edge of digital security. It’s updated daily to keep you secure.

Free Support

Enjoy your free, industry-leading customer support locally. For technical, sales and marketing enquires dial +65 6296 4268.