ESET Uncovers Telekopye Scam Network Targeting Booking.com and Airbnb Users through Compromised Hotel Accounts

ESET Uncovers Telekopye Scam Network Targeting Booking.com and Airbnb Users through Compromised Hotel Accounts

(IN BRIEF) ESET Research has revealed that the Telekopye scam network has shifted its focus to targeting users of Booking.com and Airbnb through compromised hotel accounts. By sending fake payment issue emails and directing users to fraudulent booking sites that mimic legitimate ones, the network has successfully defrauded victims, particularly during the summer travel season. The scams have surpassed Telekopye’s marketplace fraud in volume, and law enforcement has arrested key players in recent operations. ESET advises users to stay vigilant and avoid external payment links.

(PRESS RELEASE) PRAGUE/BRATISLAVA, 11-Oct-2024 — /EuropaWire/ — ESET Research has uncovered alarming new developments in the activities of the Telekopye scam network, which is now targeting popular accommodation booking platforms, including Booking.com and Airbnb. This scam network, which was initially focused on online marketplace fraud, has expanded its operations to exploit unsuspecting travelers using compromised accounts of legitimate hotels and accommodation providers. Telekopye, a toolkit accessible through a Telegram bot, enables cybercriminals to run highly organized scams with minimal technical knowledge. ESET’s latest findings, presented at the 2024 Virus Bulletin conference, reveal that these accommodation-related scams have surpassed the network’s traditional marketplace schemes, particularly during the summer holiday season.

ESET’s telemetry shows a significant spike in these booking scams starting in mid-2024, with the volume of detections doubling that of marketplace fraud. By using phishing tactics, scammers deceive users by sending emails that appear to be from the booking platforms, claiming issues with payment. The fraudulent emails direct victims to highly convincing, fake webpages that closely mimic the real Booking.com or Airbnb sites, complete with specific details like check-in dates and booking amounts. What makes these scams particularly effective is the use of compromised accounts of legitimate accommodation providers, allowing scammers to match the information with real bookings, making the deception harder to detect. Victims are lured into entering sensitive payment details on these fake sites, leading to significant financial losses.

According to ESET researcher Radek Jizba, who analyzed the Telekopye network, the scammers likely gain access to these legitimate accounts by purchasing stolen credentials from dark web forums. The targeted users are those who have recently made bookings but have yet to complete payment, adding another layer of credibility to the scam. The only warning signs are the URLs of the phishing sites, which do not correspond with the authentic platforms.

In addition to diversifying their targets, the cybercriminals behind Telekopye have also refined their tools to increase the sophistication and success of their operations. This shift in focus towards accommodation platforms, particularly during peak travel periods, has enabled the scammers to expand their illicit earnings, which authorities estimate at over €5 million since 2021.

ESET advises travelers to be cautious when handling booking-related communications. Users should always ensure they are still on the official platform and avoid being redirected to unfamiliar URLs for payment processing, as this is a common sign of fraudulent activity.

In late 2023, Czech and Ukrainian police conducted joint operations to arrest several key members of the Telekopye network, successfully targeting groups that had been running the scam since 2021. For more in-depth details on Telekopye and its operations, ESET Research has published a whitepaper titled “Marketplace scams: Neanderthals hunting Mammoths with Telekopye” on WeLiveSecurity.com.

About ESET

ESET® provides cutting-edge digital security to prevent attacks before they happen. By combining the power of AI and human expertise, ESET stays ahead of known and emerging cyberthreats — securing businesses, critical infrastructure, and individuals. Whether it’s endpoint, cloud or mobile protection, our AI-native, cloud-first solutions and services remain highly effective and easy to use. ESET technology includes robust detection and response, ultra-secure encryption, and multifactor authentication. With 24/7 real-time defense and strong local support, we keep users safe and businesses running without interruption. An ever-evolving digital landscape demands a progressive approach to security: ESET is committed to world-class research and powerful threat intelligence, backed by R&D centers and a strong global partner network. For more information, visit www.eset.com or follow us on LinkedIn, Facebook, and X.

Media Contact:

Tel: +421 (2) 322 44 111
Fax: +421 (2) 322 44 109
Web: www.eset.com/int

SOURCE: ESET