CyberSecurity SEE

Using a Telegram bot for Mammoth Hunting

The rise of online shopping has brought about a new wave of convenience for consumers. With just a few clicks, goods can be ordered and delivered to your doorstep without the hassle of going to physical stores. Additionally, online marketplaces often offer competitive prices, allowing shoppers to save money. However, with the growing popularity of online shopping, scammers have found a way to exploit these platforms and their unsuspecting customers.

In a recent discovery, researchers uncovered the source code of a toolkit designed specifically for scammers. This toolkit, known as Telekopye, operates as a Telegram bot and provides scammers with easy-to-navigate menus that can accommodate multiple scammers at once. Its purpose is to assist scammers in targeting online marketplaces, particularly those popular in Russia.

One of the main features of Telekopye is its ability to create phishing web pages from predefined templates. Scammers can customize these templates to resemble payment or bank login sites, credit/debit card payment gateways, or payment pages of various websites. By convincing victims to enter their card details on these fake pages, scammers can steal money from the victims’ credit or debit cards. Some versions of Telekopye can even store victim data, such as card details and email addresses, on the disk where the bot is run.

The operators of Telekopye are organized in a clear hierarchy, with one or more scammers operating simultaneously and independently in a Telegram group. The toolkit provides buttons and menus to make scamming easier for the scammers. For example, scammers can view their ongoing scam advertisements and profile information, such as the number of scams pulled off and the amount of money ready for the next payout.

Telekopye has been in use since at least 2015, with continuous development and updates. It has been uploaded to VirusTotal multiple times, primarily from Russia, Ukraine, and Uzbekistan. While the main targets of the scammers using Telekopye are online markets popular in Russia, they also target online markets that are not native to Russia, such as BlaBlaCar or eBay. These scammers have been able to infiltrate large marketplaces like OLX, which had billions of page views and millions of transactions per month.

The toolkit itself is very versatile, offering functionalities like sending phishing emails, generating phishing web pages, sending SMS messages, creating QR codes, and creating phishing screenshots. Scammers use these features to trick their victims into divulging personal information. However, it’s important to note that Telekopye does not contain any chatbot AI functionality and does not actually perform the scams itself. Instead, it helps scammers generate the content used in the scams.

The scam scenario usually involves Neanderthals (the scammers) targeting Mammoths (the victims). The scammers find their victims, earn their trust, and then use Telekopye to create phishing web pages and send the URLs to the Mammoths. Once the Mammoths enter their card details on these fake pages, the scammers use the information to steal money from their credit or debit cards. What happens between the theft of the Mammoths’ money and the payout to the scammers, which is usually made in cryptocurrency, is a missing link.

The discovery of Telekopye sheds light on the extent to which scammers will go to exploit online marketplaces and their customers. It serves as a reminder for online shoppers to be cautious and vigilant when making online purchases, especially from unknown sellers. It’s important to verify the legitimacy of a seller and to ensure that the payment process is secure before providing any personal or financial information. By staying informed and practicing safe online shopping habits, consumers can protect themselves from falling victim to scams like those facilitated by Telekopye.
