Telekopye: Chamber of Neanderthals’ Secrets

Neanderthals’ preparation. These web scrapers scan listings, focusing on price, item description, and seller’s reputation, and then rank them in a chart. As seen in Figure 10, the charts compare different listings by giving them scores, which Neanderthals use to decide which Mammoth to target next.

Figure 10. Example of a web scraper chart (translated from Russian)

Communication

Once Neanderthals have picked a Mammoth to target, they start communicating with them with a carefully crafted plan in mind. To see how this communication is done, let’s look into a typical conversation that Neanderthals use when executing the Seller scam scenario.

Figure 11. Example of conversation for the Seller scam scenario (translated from Russian)

The Neanderthals’ language is coded and they avoid using words that could be flagged by online marketplace administrators as suspicious. They word their messages carefully to avoid raising any red flags. The main purpose of their communication is to build trust and convince the Mammoth to proceed with the online payment.

Advanced tools

One interesting piece that we discovered in the source code of Telekopye is the indication that senior Neanderthals have access to more advanced tools than junior ones. These tools include automated trading algorithms, virtual phone numbers to use for communication, and access to a database of thousands of phishing websites that are frequently updated to bypass security checks and look as legitimate as possible. These advanced toolsets are reserved for trusted members of the group and are not accessible to newcomers.

Interview with an administrator

Finally, in our research, we were able to conduct an interview with an administrator of a Telekopye scamming group. The administrator, whom we will refer to as Alex, shared some insights into how the groups operate and how they manage to evade law enforcement and security measures.

Alex emphasized the hierarchical structure of the groups and how information is shared on a need-to-know basis. He also mentioned that the groups keep a lookout for potential infiltrations and report them swiftly. Additionally, he highlighted the importance of constantly adapting their scam tactics to avoid being caught.

Conclusion

To conclude, the second part of our blogpost has provided insights into the inner workings of Neanderthals, the scammers behind Telekopye. From the onboarding process, different tricks of the trade, and advanced tools to an interview with an administrator, we have gained a better understanding of how these cybercriminals operate. Our research has shed light on the intricate operations and the extensive preparation required to successfully scam unsuspecting individuals in online marketplaces. As we continue our efforts to combat cybercrime, we hope that the knowledge we are sharing will help others understand the tactics used by scammers and contribute to improved security measures to protect potential victims.
