Phishing attacks

Telekopye Telegram Bot Allows Cybercriminals’ Phishing Scams

Telekopye, a newly discovered Telegram bot, has made a shocking disclosure. Threat actors are using this bot to plan large-scale phishing scams.

ESET researchers recently revealed details about the Telekopye toolkit, which simplifies online scams for persons with insufficient technical knowledge. This is an update to the company’s August 2023 initial investigation.

Cybercriminals can create convincing phishing websites, emails, SMS messages, and more with Telekopye, according to security expert Radek Jizba from ESET. This makes Telekopye a very advanced tool.

ESET monitoring shows that the Telekopye Toolkit is actively being developed and is now in use. The criminals call their victims as “Mammoths,” and ESET has labelled these cybercriminals as “Neanderthals.”

Telekopye Bots and Scammer Recruitment Techniques

Threat actors have effectively disguised as a real organisation, allowing them to operate inside an organised system. Enlisted from underground forums, interested Neanderthals can access Telegram channels. These channels let members communicate with each other and offer a way to keep an eye on things that are going on.

The operation aims to carry out one of three scams—seller, buyer, or refund. In seller scams, Neanderthals pose as merchants and trick Mammoths into buying fake products. To trick Mammoths (merchants) into disclosing their financial information and compromising their money, Neanderthals pose as purchasers in buyer scams.

Neanderthals use a variety of techniques to execute their schemes successfully. In seller scams, they create additional photographs of the non-existent item in the hopes that Mammoths would ask for more information.

Furthermore, they modify photographs obtained from the internet in order to prevent reverse image searches.

Scammers also try to engage in refund scam by tricking people into thinking they would get their money back. But in the end, during this second exchange, they deduct the same amount of money.

Hiring Neanderthals through a Forum
Hiring Neanderthals through a Forum (Eset)

Advanced buyer scams need detailed planning and investigation. Neanderthals deliberately choose their victims based on a variety of criteria, including age, gender, familiarity with online marketplaces, ratings, and reviews, as well as the types of products sold and closed deals. Their chances of success increase significantly with this customised strategy.

Telekopye Toolkit generates Phishing URLs
Telekopye Toolkit generates Phishing URLs (Eset)

It appears that Neanderthals have embraced a primitive version of online anonymity, using TOR, VPNs, and proxies to look into real estate scams. The Neanderthals put together a fraudulent real estate plan, creating fake apartment postings to attract Mammoths.

They engage real owners of apartments for information, which they then use to set up their own listings on several websites, selling these homes at reduced rates.

This deceptive technique is similar to the seller scenario, forming a constant pattern throughout the scam.

Legitimate online markets frequently have built-in chat features with moderation. Sending links over these conversations may raise red flags and result in a suspension.

Individuals try to get around this by encouraging others to move their conversations to less-monitored chat platforms, which complexities to internet security.

They make similar reasons as those who oppose in-person delivery. They contend that leaving the house is essential, making it harder to use a cell phone. However, they claim to be able to carry on conversations on particular chat applications.

Neanderthal statistics show that about half of Mammoths are responsive to platform modifications. Out of these, 20% could become victims of fraud, meaning that the success rate is 10% overall.

Neanderthals engaged in groups, forming rules and guides. They also had channels devoted to storing transaction logs. While following their own set of rules, Telekopye Toolkit attackers often refer to law enforcement and researchers as “rats.”

Russian internet marketplaces like OLX and YULA are the main targets of this fraud. However, non-Russian targets have also been discovered by ESET researchers, including eBay, Sbazar, Jófogás, and BlaBlaCar.

Phishing attacks are on the rise, and it is important to protect your organisation. One effective way to do this is by increasing user awareness about these types of attacks. Phishing Tackle is a great resource that can help you in this regard. They offer a free 14-day trial to help train your users to recognise and avoid phishing attacks. 

Although technology can be helpful, it cannot spot 100% of phishing emails. Therefore, user education is important to minimising the impact of any successful attacks. Consulting with Phishing Tackle can provide valuable insights and tools to help you strengthen your defences against phishing attacks.

Recent posts