ESET Research has uncovered a troubling expansion of the Telekopye scam network, which now targets popular accommodation booking services such as Booking.com and Airbnb. This development marks a significant shift in the landscape of online scams, where fraudulent activities have increasingly targeted unsuspecting travelers during peak booking seasons.
In July 2024, ESET researchers documented a dramatic rise in scams associated with vacation rentals and other accommodations, surpassing Telekopye’s previously dominant marketplace-targeted schemes. Cybercriminals exploit compromised accounts from genuine hotels and other lodging providers to create deceptive phishing pages. These pages are crafted to convincingly mimic legitimate booking sites, effectively tricking users into divulging personal and financial information.
The Telekopye toolkit represents a sophisticated set of resources that empowers cybercriminals to instigate large-scale scams. Operated by organized groups with numerous members, this toolkit provides the infrastructure necessary for efficient execution of fraudulent schemes. Scammers known as “Neanderthals” have developed various tactics to exploit accommodation booking platforms, including phishing emails, compromised credentials, and personalized deceitful webpages designed to extract sensitive information.
To carry out these schemes, the Neanderthals often acquire legitimate accounts from accommodation providers, likely through stolen credentials obtained from illicit forums. They target travelers—referred to in this context as “Mammoths”—by sending emails asserting there are payment issues with their reservations. These emails contain links to fake websites that closely resemble authentic booking platforms. Once unsuspecting victims enter their information on these pages, their personal and financial data, including credit card numbers, is harvested by the scammers.
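Since the lure may come from a compromised but genuine provider account, the link destination is a more reliable signal than the sender. The following is an added example, not ESET's or the platforms' own code, that classifies links in a message body against an assumed allow-list of official domains; the allow-list, keyword pattern and sample message are constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Assumption: registrable domains of the platforms named in the article;
# extend with any regional domains your users legitimately receive links to.
OFFICIAL = {"booking.com", "airbnb.com"}
BRANDS = ("booking", "airbnb")
# Assumption: wording typical of the "payment issue" pretext described above.
PRETEXT = re.compile(r"payment|card|verif", re.I)
URL = re.compile(r"https?://[^\s<>\"')]+", re.I)

def is_official(host):
    """True only if host is an official domain or a subdomain of one."""
    host = host.rstrip(".").lower()  # tolerate a trailing root dot
    return any(host == d or host.endswith("." + d) for d in OFFICIAL)

def classify_link(url):
    host = (urlsplit(url).hostname or "").lower()
    if not host:
        return "unparseable"
    if is_official(host):
        return "official"
    # Brand string in a host that is NOT under an official domain, e.g.
    # "booking.com.<something>.example" or "airbnb-pay.example".
    if any(b in host for b in BRANDS):
        return "lookalike"
    return "other"

def review_email(body):
    links = {u: classify_link(u) for u in URL.findall(body)}
    lookalikes = sorted(u for u, c in links.items() if c == "lookalike")
    return {"pretext": bool(PRETEXT.search(body)),
            "links": links,
            "lookalikes": lookalikes}

# Constructed sample message (.example is a reserved, non-resolving TLD).
SAMPLE = """Dear guest, there is a payment issue with your reservation.
Confirm your card here: https://booking.com.guest-confirm.example/pay?id=1
Manage your trip at https://secure.booking.com/myreservations
"""

if __name__ == "__main__":
    print(review_email(SAMPLE))
```

Hostnames that hide the brand behind homoglyphs or punycode are outside this check and need separate handling.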
A significant increase in Telekopye activities has been noted especially around the summer holiday season, emphasizing the pressing need for traveler vigilance. In late 2023, law enforcement agencies from the Czech Republic and Ukraine conducted operations that led to the arrest of numerous individuals involved with Telekopye. This crackdown followed ESET’s investigation and revealed that the cybercriminal enterprises had reportedly amassed at least €5 million (approximately US$5.5 million) since 2021.
The arrests provided insight into the organizational structure of these scams, indicating that operations were primarily run by middle-aged males from Eastern Europe and Central Asia. For business owners and travelers alike, the implications are clear: enhanced scrutiny of communications from such platforms is essential. Users should not only confirm the legitimacy of interactions with official representatives, but also practice robust security measures, including the use of strong passwords and two-factor authentication.
From a cybersecurity perspective, this evolution in online fraud aligns with several tactics identified in the MITRE ATT&CK framework. Techniques such as initial access using stolen credentials and persistence through compromised accounts are likely instrumental in sustaining these scams. Recognizing and understanding these tactics can significantly reduce the risk of falling victim to the Telekopye network and similar fraudulent operations.
In summary, the rise of Telekopye scams affecting booking platforms underscores the importance of remaining vigilant while traveling online. By adhering to best practices in cybersecurity, users can better protect themselves against these rapidly evolving threats.