Researchers from the company "ESET" are warning about a significant rise in scams on digital platforms such as "Booking" and "Airbnb."
Fraudsters are exploiting compromised accounts of hotels and accommodation providers on these platforms, creating highly convincing phishing pages designed to steal personal and financial information from travelers.
They use "Telekopye," a sophisticated toolkit that enables large-scale fraud. "Telekopye" is employed by organized groups with thousands of members. It provides the tools and infrastructure necessary for their schemes.
Scammers, known as “Neanderthals,” target booking platforms using various tactics. This includes compromised accounts, targeted emails, personalized phishing pages, and stolen payment information.
Neanderthals hack accommodation accounts, likely using stolen passwords purchased on hacking forums. They then send emails to users ("Mammoths") with recent bookings, claiming there is a payment issue.
These emails contain a link to a seemingly legitimate website that closely resembles the actual booking platform.
The site comes pre-filled with information about the user's specific booking, making it highly convincing. When victims click the link, they are directed to a page designed to steal their personal and financial data, including credit card details.
"During our monitoring of 'Telekopye,' we observed that various Telegram groups implement their own advanced features into the toolkit, aimed at speeding up the fraud process, improving communication with targets, protecting phishing websites from competitor interference, and other goals."
"Telekopye" scams have seen a notable increase, especially among users of "Booking" and "Airbnb" during the summer season.
At the end of 2023, Czech and Ukrainian police, during two joint operations, arrested dozens of cybercriminals using "Telekopye." These operations targeted an unspecified number of "Telekopye" groups, which have stolen at least five million euros since 2021.
The arrests helped expose their recruitment and employment practices, revealing that these schemes were primarily run by middle-aged men from Eastern Europe and Western and Central Asia.
To protect yourself from "Telekopye" scams, be cautious of unusual payment requests or additional information demands. Avoid clicking suspicious links in emails, use strong passwords, and enable two-factor authentication.