Telekopye, a tool utilized by fraudsters, has expanded its operations to target users of housing reservation platforms such as Booking.com and Airbnb. This set of tools operates through Telegram and is used by criminals to create phishing pages in order to steal user data.
Telekopye first came to light in 2023, when it was discovered that the tool allows for the creation of fake pages where victims unknowingly input their bank card information. Over the past year, fraudulent schemes employing Telekopye have evolved to target not only trading platforms, but also housing reservation services.
The fraud scheme typically involves criminals contacting users of these platforms, claiming there are payment issues with their reservation. Victims are then directed to a fake page that closely resembles the original platform. These fake pages display real booking information, making the fraud more convincing. Fraudsters acquire access to hotel and real estate accounts by purchasing stolen accounts on underground forums.
One notable feature of Telekopye is its user-friendly interface, allowing cybercriminals with limited technical knowledge to efficiently create fake messages, web pages, and phishing letters. Fraudsters operating with Telekopye work in structured groups, following predefined business models with set work hours. Detailed communication within these groups helps to manage the distribution of stolen funds.
According to data from ESET, fraudulent attacks on housing reservation services saw a significant uptick in 2024, particularly during the summer months. In July, these attacks surpassed traditional schemes targeting trading platforms in terms of frequency. By August and September, the frequency of attacks on both types of services had leveled out.
Telekopye continues to evolve, with fraudsters incorporating new features such as automated phishing page creation and built-in protection against DDoS attacks to fend off competitors. To safeguard against such fraud, ESET experts advise users to always verify the authenticity of messages, refrain from clicking on suspicious links, and utilize antivirus solutions that can detect phishing sites.