ESET researchers discovered that the organised scammer network Telekopye has expanded its operations to target users of popular accommodation booking platforms like Booking.com and Airbnb.
In this new scam scenario, scammers send an email to a targeted user of one of these platforms, claiming an issue with their booking payment. The email contains a link to a well-crafted, legitimate-looking web page mimicking the abused platform. The page contains prefilled information about a booking, such as the check-in and check-out dates, price, and location – and the information provided on the fraudulent pages matches real bookings made by the targeted users.
Once the target fills out the form on the phishing page, they are brought to the final step of the “booking” – a form requesting payment card information. As in the marketplace scams, card details entered into the form are harvested by the scammers and used to steal money from the victim’s card.
The scammers utilise compromised accounts of legitimate hotels and accommodation renters on the platforms, which they most likely obtain through purchasing stolen credentials on cybercriminal forums. Using their access to these accounts, the scammers single out users who recently booked a stay and haven’t paid yet – or paid very recently – and target them.
This approach makes the scam much harder to spot, as the information provided is personally relevant to the victims and the websites look as expected. The only visible signs of something being amiss are the websites’ URLs, which do not match the impersonated, legitimate websites.
Although operating at least since 2016, in 2024 Telekopye groups have expanded their scamming playbook with schemes targeting users of popular online platforms for hotel and apartment reservations, such as Booking.com and Airbnb. They have also increased the sophistication of their victim selection and targeting.
Telekopye groups have a business-like operation, with a clear hierarchy, defined roles, internal practices – including admission and mentoring processes for newcomers – fixed working hours, and commission payouts for Telekopye administrators. The Workers performing the scams must turn over any sensitive information stolen, and do not actually steal any money – that is managed by other roles in the organisation.
In late 2023, after ESET Research had published its two-part series on Telekopye, Czech and Ukrainian police arrested tens of cybercriminals utilising Telekopye, including the key players, in two joint operations. Both operations were aimed against a further unspecified number of Telekopye groups, which had accumulated at least €5 million since 2021, based on police estimates.
The full analysis of the scam and a link to the full whitepaper are available on ESET Ireland’s official blog.
Guest post by ESET Ireland. You can follow ESET Ireland on X (ex-Twitter), Facebook or LinkedIn for more cybersecurity tips.
More about Irish Tech News
Irish Tech News are Ireland’s No. 1 Online Tech Publication and often Ireland’s No.1 Tech Podcast too.
You can find hundreds of fantastic previous episodes and subscribe using whatever platform you like via our Anchor.fm page here: https://anchor.fm/irish-tech-news
If you’d like to be featured in an upcoming Podcast email us at [email protected] now to discuss.
Irish Tech News have a range of services available to help promote your business. Why not drop us a line at [email protected] now to find out more about how we can help you reach our audience.
You can also find and follow us on Twitter, LinkedIn, Facebook, Instagram, TikTok and Snapchat.