Telekopye Expands to Target Tourists via Hotel Booking Scam

Example of a fake Booking.com form created by Telekopye | Image: ESET

A new report from ESET researchers Jakub Souček and Radek Jizba describes how the Telekopye scam toolkit has evolved from targeting online marketplace users to exploiting tourists via accommodation booking platforms. This sophisticated phishing toolkit, originally discovered by ESET in 2023, has now shifted its focus to platforms such as Booking.com and Airbnb, exploiting unsuspecting users by mimicking legitimate booking processes.

Telekopye is a Telegram-based toolkit used by organized scam groups to defraud buyers and sellers across popular online marketplaces. As the ESET researchers explain, it operates as “a Swiss Army knife for turning online marketplace scams into an organized illicit business,” enabling even non-technical scammers to run phishing schemes with ease. The toolkit automates phishing page generation, allowing scammers—referred to as “Neanderthals”—to quickly create fake payment gateways to harvest victims’ payment details.

Initially used to target users on platforms like OLX, Vinted, and eBay, the scam has now branched out. The expansion into the tourism sector poses a new threat to those booking their summer vacations.

In 2024, Telekopye’s operations took a troubling turn. The scammer groups now target users of popular hotel booking platforms. By exploiting stolen credentials from legitimate accommodation providers, scammers pose as hosts and send messages to tourists claiming issues with their booking payments. These messages contain links to realistic-looking phishing pages, which mimic the appearance of trusted platforms like Booking.com or Airbnb.

What makes this scam particularly dangerous is the level of detail involved. The phishing pages contain real booking information—dates, prices, and locations—giving victims little reason to doubt their authenticity. The scammers achieve this by accessing legitimate provider accounts through stolen credentials bought on underground forums, making the scam difficult to detect.

According to ESET telemetry, there was a noticeable spike in these scams during the summer holiday season. In July 2024, detections of these accommodation-themed scams rose sharply and surpassed those of traditional marketplace scams for the first time, as tourists were prime targets.

The report from Souček and Jizba urges caution for anyone booking accommodations online. Travelers should carefully inspect URLs in emails or messages, ensure they use official platforms, and never provide payment information through external links.
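
The URL inspection advised above can be partly automated for messages that claim to come from a booking platform. The following is an added example, not code from the ESET report: the allowlist of official domains, the brand-name heuristic and the sample message are assumptions made for illustration.

```python
import re
from urllib.parse import urlsplit

# Assumed allowlist for illustration; the real platforms operate more domains.
OFFICIAL_DOMAINS = {"booking.com", "airbnb.com"}
BRANDS = ("booking", "airbnb")
URL_RE = re.compile(r"https?://[^\s<>\"']+", re.IGNORECASE)


def classify_url(url):
    """Return 'official', 'suspicious' or 'external' for one URL."""
    try:
        # .hostname drops userinfo, so https://booking.com@pay.example -> pay.example
        host = (urlsplit(url).hostname or "").lower().rstrip(".")
    except ValueError:
        return "suspicious"  # malformed authority: do not trust it
    if any(host == d or host.endswith("." + d) for d in OFFICIAL_DOMAINS):
        return "official"
    # Heuristic: a brand name anywhere in a non-official URL, or a punycode
    # (xn--) label that may render as a homoglyph, deserves a closer look.
    if any(b in url.lower() for b in BRANDS) or "xn--" in host:
        return "suspicious"
    return "external"


def review_message(text):
    """Extract every link from a message and classify each one."""
    urls = (u.rstrip(".,;:!?)") for u in URL_RE.findall(text))
    return [(u, classify_url(u)) for u in urls]


# Constructed sample message; hosts under .example are placeholders.
SAMPLE = (
    "Dear guest, your payment failed. Confirm your card within 12 hours at "
    "https://booking.com.confirm-id4821.example/pay, or use "
    "https://booking.com@pay.example/x. Manage your stay at "
    "https://www.booking.com/mybooking and see directions at "
    "https://maps.example/route."
)

if __name__ == "__main__":
    for url, verdict in review_message(SAMPLE):
        print(f"{verdict:10} {url}")
```

The check compares the parsed host against the allowlist rather than searching the URL string, so a brand name placed in a subdomain, in the userinfo part or in the path does not pass as official.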
