Telekopye Toolkit Targets Unsuspecting Travelers: How Sophisticated Hotel Booking Scams Are Exploiting Airbnb and Booking.com Users


Online travel scams are on the rise, and one of the most dangerous tools driving these frauds is Telekopye, a powerful scam toolkit now targeting users of platforms like Airbnb and Booking.com. Cybercriminals are using Telekopye to create convincing phishing websites that mimic legitimate booking platforms, tricking unsuspecting travelers into handing over their payment details. The scam is alarmingly effective, with fraudsters accessing real booking information to make their fake messages look more credible, leading victims into financial traps.

Originally identified by ESET Research in 2023, Telekopye has evolved from targeting online marketplace users to exploiting travelers. This shift has allowed cybercriminals to capitalize on the booming online travel industry, catching even experienced users off guard. You can find more details in ESET’s comprehensive white paper.

What is Telekopye?

Telekopye is not just another phishing tool—it’s a full-fledged scam ecosystem designed to automate fraud operations. Scammers who use it—nicknamed “Neanderthals”—don’t need advanced technical skills. Instead, they rely on Telekopye’s user-friendly interface, which allows them to generate phishing websites, fake emails, and SMS messages with a few clicks.

Initially, the toolkit focused on online marketplaces. Fraudsters would pose as buyers or sellers, tricking victims—whom they refer to as “Mammoths”—into entering their banking information on fake payment pages. Now, Telekopye has expanded its capabilities to target the booming tourism industry, using compromised accounts on booking platforms to carry out convincing hotel booking scams. To learn more about how Telekopye helps scammers, check out this analysis by ESET.

How Do These Hotel Scams Work?

In this new scheme, scammers pose as representatives from real hotels or accommodation providers. They contact travelers through legitimate platforms, claiming there’s an issue with their booking payment. Since they often use compromised hotel accounts, the message seems authentic and contains personalized details, such as check-in dates, hotel names, and prices.

The victim is directed to a fake website that mimics the booking platform, where they are asked to re-enter their payment details to “resolve” the issue. This phishing page is nearly indistinguishable from the real site, making it easy for even tech-savvy users to fall into the trap.

The diagram below visually represents how the scam unfolds, providing a clear breakdown of each step from the initial scammer contact to the final act of stealing payment information.

The Evolution of Telekopye

1. Marketplaces to Hotels

Telekopye began as a toolkit for scamming buyers and sellers on online marketplaces like eBay, OLX, and Vinted. Scammers would create fake listings or pose as interested buyers, using fake payment pages to capture the victim’s financial details. This technique proved incredibly effective, prompting the fraudsters behind Telekopye to branch out into new areas.

In 2024, Telekopye groups began exploiting accommodation platforms like Airbnb and Booking.com. Using stolen credentials from legitimate accommodation providers, they send out phishing messages disguised as routine payment issues. Victims, already engaged in booking their travels, are less likely to scrutinize these messages, making this scam highly effective. More details about how scammers expanded from marketplaces to accommodation services can be found in the Chamber of Neanderthals’ secrets report.

2. Personalization: The Key to Success

What sets Telekopye scams apart is the high level of personalization. Unlike generic phishing attempts, scammers use real booking details—such as hotel names, check-in dates, and payment amounts—to create highly convincing fake pages. By accessing compromised accounts on platforms like Booking.com or Airbnb, they craft phishing messages that perfectly match the victim’s actual booking information, making the scam feel legitimate.

Key ways scammers personalize phishing pages:

  • Use of accurate hotel names and booking dates.
  • Mimicking real booking confirmation emails.
  • Pre-filled booking and payment details that match the victim’s reservation.

This level of detail makes it much harder for victims to detect fraud. To avoid falling victim to such scams, always double-check URLs and verify any payment-related messages directly on the platform, rather than clicking on email links.

3. Advanced Features of Telekopye: Enhancing the Scam Process

Telekopye has evolved beyond a simple phishing toolkit into a sophisticated scam ecosystem. The toolkit comes equipped with a range of advanced features designed to speed up and automate the scamming process, making it easy for cybercriminals to deceive unsuspecting victims and steal their sensitive information. Below are some of the standout features that make Telekopye so effective in conducting large-scale fraud on platforms like Airbnb and Booking.com:

Automated Phishing Page Generation

One of Telekopye’s most powerful features is its ability to automatically generate phishing pages. In the past, scammers had to manually design these fake pages, a time-consuming process that also left room for errors. With Telekopye, cybercriminals can scrape data directly from the targeted platforms and produce highly realistic, cloned websites in a matter of seconds. These fake websites are often identical to legitimate ones, making it difficult for even tech-savvy users to detect any differences.

For example, a scammer targeting a user on Booking.com or Airbnb can quickly create a fraudulent page using real booking details scraped from the platform. The victim, unaware of the scam, is directed to the fake page, where they are asked to re-enter their payment information. Once submitted, the scammer collects the data and immediately exploits it.

Key takeaway: Automation drastically reduces the time needed to launch these scams, allowing scammers to scale their operations quickly and target multiple victims simultaneously.

Interactive Chatbots: Real-Time Victim Interaction

A striking feature of Telekopye is its use of interactive chatbots to engage victims in real time. These chatbots are pre-programmed with responses to commonly asked questions, further enhancing the credibility of the fake website. The scammer monitors the chatbot and adjusts responses as needed, making the interaction feel more personalized and convincing.

For instance, if a victim asks, “Why is my payment not processing?” the chatbot might respond with something like, “Our system shows a problem with your card verification. Please re-enter your payment details to complete the transaction.” This seamless interaction helps lower the victim’s defenses and leads them to complete the process.

What’s particularly insidious is that these chatbots can provide responses in multiple languages, making the scam effective across different regions. This real-time communication creates a false sense of security, ensuring the victim is less likely to suspect any wrongdoing.

Example:

A traveler booking through Airbnb may interact with a chatbot on a fake Airbnb page. The chatbot could offer help with “processing payments” or “fixing booking issues,” all while guiding the victim toward entering sensitive financial information. The victim, believing they’re communicating with Airbnb’s support, follows the prompts without suspecting foul play.

Key takeaway: These chatbots create an illusion of legitimate customer service, drastically increasing the chances of success for the scam.

Anti-DDoS Protection: Shielding the Scam from Disruption

To keep their fake websites operational for as long as possible, Telekopye integrates anti-DDoS protection services, typically through providers like Cloudflare. Distributed Denial of Service (DDoS) attacks are often used by law enforcement or rival scammers to take down phishing websites. By using anti-DDoS protection, scammers ensure that their phishing sites are resilient and harder to take offline.

This is particularly valuable during high-traffic periods, such as holidays or major travel seasons, when scams targeting platforms like Booking.com and Airbnb are most prevalent. The longer the phishing website stays live, the more victims it can ensnare. Anti-DDoS services also make it difficult for automated systems or cybersecurity researchers to identify and shut down these malicious websites.

Key takeaway: With anti-DDoS protection in place, scammers can run their fraudulent operations uninterrupted, increasing the potential for financial gain and extending the scam’s lifespan.

Tailored Victim Targeting Using Stolen Data

One lesser-known but extremely dangerous feature is Telekopye’s ability to use stolen data from previous breaches. Cybercriminals can purchase stolen credentials from dark web marketplaces and then use these credentials to access victims’ accounts on platforms like Airbnb or Booking.com. Once inside, scammers can tailor their attacks to each victim, using real booking data to craft highly convincing phishing messages.

For example, a victim might receive an email that references their upcoming stay at a hotel, complete with accurate check-in and check-out dates. The inclusion of personalized details makes the phishing message seem more legitimate, significantly increasing the likelihood that the victim will fall for the scam.

Key takeaway: By leveraging stolen data, scammers can craft highly personalized attacks that make their phishing messages even more convincing.

The Human Side of Telekopye: Victims and Perpetrators

While Telekopye is a tool for scammers, it impacts real people—both the victims and the perpetrators. According to a 2024 survey, 40% of respondents reported being scammed on online marketplaces. The financial losses are often devastating, with the average victim losing around $100 per scam. Beyond the financial toll, victims experience emotional distress, feeling betrayed by platforms they trusted.

Interestingly, many of the people operating these scams are not hardened criminals. Some are young individuals recruited through online hacking forums or job postings that promise “easy money.” In some cases, scammers are coerced into the role, trapped in difficult financial situations that make it hard for them to escape. This shadow economy fuels a cycle of exploitation, where both the perpetrators and the victims are caught in a web of fraud.

How to Protect Yourself from Telekopye Scams

As these scams become more sophisticated, it’s crucial to stay vigilant and follow best practices to protect yourself:

  1. Always Verify the Source of Communications:
    If you receive an email or message claiming there’s an issue with your booking, do not click on any links. Instead, go directly to the platform’s website or app and check your booking status there.
  2. Check the URL:
    Before entering any payment information, double-check the website’s URL. Scammers often use domains that look similar to legitimate ones but have subtle differences (e.g., “.com.ru” instead of “.com”).
  3. Use Secure Payment Methods:
    Stick to using secure payment methods provided by official platforms. Avoid direct bank transfers or entering your financial information on unfamiliar websites.
  4. Enable Two-Factor Authentication:
    Enabling two-factor authentication on your accounts adds an extra layer of protection, making it harder for scammers to access your personal information even if they have your login credentials.
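
The URL check from step 2, as an added example that is not part of the original article: the Python code below extracts links from a message and classifies each host as official, lookalike or external. The allowlist, the function names and the sample message are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Assumption: allowlist of the official domains of the platforms named in the article.
OFFICIAL_DOMAINS = {"booking.com", "airbnb.com"}
BRANDS = {d.split(".")[0] for d in OFFICIAL_DOMAINS}  # {"booking", "airbnb"}
URL_RE = re.compile(r"https?://[^\s<>\"']+", re.IGNORECASE)

# Constructed sample message, modelled on the "payment issue" lure described above.
SAMPLE_MESSAGE = (
    "Dear guest, the payment for your stay (check-in 12 Aug) was declined. "
    "Please confirm your card at https://booking.com.ru/confirm/8841, "
    "or manage the reservation at https://secure.booking.com/myreservations."
)


def classify_url(url: str) -> str:
    """Return 'official', 'lookalike' or 'external' for a single link."""
    try:
        parts = urlsplit(url)
        host = (parts.hostname or "").rstrip(".").lower()
    except ValueError:  # malformed authority, e.g. unbalanced IPv6 brackets
        return "external"
    if not host:
        return "external"
    # Official only if the host IS an allowlisted domain or a true subdomain of it.
    # The leading dot matters: "notbooking.com" must not match "booking.com".
    if any(host == d or host.endswith("." + d) for d in OFFICIAL_DOMAINS):
        return "official"
    labels = host.split(".")
    userinfo = parts.netloc.rpartition("@")[0].lower()
    lookalike = (
        any(b in label for b in BRANDS for label in labels)  # booking.com.ru
        or not host.isascii()                                  # homoglyph letters
        or any(label.startswith("xn--") for label in labels)  # punycode form
        or any(d in userinfo for d in OFFICIAL_DOMAINS)        # booking.com@other.host
    )
    return "lookalike" if lookalike else "external"


def review_message(text: str) -> dict:
    """Map every link in a message body to its classification."""
    links = (u.rstrip(".,;)") for u in URL_RE.findall(text))
    return {u: classify_url(u) for u in links}


if __name__ == "__main__":
    for link, verdict in review_message(SAMPLE_MESSAGE).items():
        print(f"{verdict:10} {link}")
```

The brand-substring and punycode tests are heuristics and can flag unrelated hosts; only the allowlist match is authoritative, so anything not classified as official should be verified inside the platform's own site or app.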

FAQs

What is Telekopye?

Telekopye is a toolkit used by scammers to automate phishing attacks. Initially targeting online marketplaces, it has now expanded to scam users on platforms like Airbnb and Booking.com.

How do Telekopye scams work?

Telekopye enables scammers to create fake websites that mimic legitimate payment gateways. Victims are tricked into entering their credit card or banking information, which is then used to steal money.

How can I avoid falling victim to these scams?

To protect yourself, always verify the source of any communication about your bookings. Check URLs for authenticity, use secure payment methods, and enable two-factor authentication on your accounts.

Conclusion: The Growing Threat to Travelers

As Telekopye continues to evolve, its reach has expanded beyond online marketplaces and into the travel industry, targeting unsuspecting travelers on platforms like Airbnb and Booking.com. The combination of advanced phishing techniques and personalization makes these scams particularly dangerous. Staying informed, vigilant, and cautious is your best defense against this growing cyber threat.

Stay safe, and always think twice before clicking that link.

