Telegram-Based Phishing Operations Target E-commerce Users

August 26, 2023

Russian speakers on Telegram have been utilizing a bot to facilitate comprehensive phishing campaigns targeted at patrons of widely recognized e-commerce platforms, including eBay. The cybercriminal profits are systematically distributed through a structured hierarchy reminiscent of corporate divisions.

In a recent article, ESET analyst Radek Jizba delved into “Telekopye,” a toolkit fashioned as a Telegram bot. The bot’s capabilities span from drafting emails and SMS notifications to producing ready-to-use phishing sites and aiding in image manipulation. This bot serves as a magnet for cyber felons, even those with scant technical know-how. Its primary victims are digital shoppers, mainly from Russia, but its reach spans globally.

Remarkably, Telekopye has sustained its relevance and active utilization for a solid eight years, indicating its enduring efficacy.

Major e-commerce platforms in Russia, like YULA and OLX, are prime targets for Telekopye users. Specifically, OLX boasts over 10 billion monthly page visits and countless transactions. Yet, Telekopye doesn’t limit its scope to just Russia; it’s associated with various European and Western online retail platforms, eBay and BlaBlaCar being notable mentions.

A traditional phishing approach is employed: potential victims are singled out, made to trust the authenticity of the scammer through tailored communication, and then directed to a decoy e-commerce portal. Here, they’re prompted to share their card details, leading to a false transaction. The ill-gotten gains are then typically funneled through digital currencies.

“Type 2.0” veers towards ensnaring sellers, tricking them with assertions like “Payment received. Retrieve it from:”, trailed by a deceptive link.

Notably, the proceeds from these deceptions don’t directly enrich the perpetrators. The Telekopye ecosystem mimics an organizational layout, complete with distinct roles like administrators, moderators, and varying worker tiers. Admins pocket commissions ranging from 5-40% per scam, with role-specific earnings and activities meticulously documented.

Telekopye boasts a repertoire of preset templates – be it emails, texts, phishing websites, or financial documentation visuals.

For creating landing sites, fraudsters have it easy. Templates customized for particular nations, ranging from Slovakia to Australia, are available. Some might appear unpolished, but many convincingly mirror legitimate sites.

Additionally, for image-centric deceptions, they employ Render Bot, a related tool. This bot aids in editing visuals, such as doctoring an invoice image or tweaking screenshots from authentic apps. A variety of fonts ensure the tampered content seamlessly melds with the original.

Rather than hunting for minor inconsistencies in Telekopye’s meticulously crafted automated messages and visuals, one should stay alert for the moments when the scammers deviate from their script, as that’s when they expose their weaknesses.

Saher Mahmood

Saher is a cybersecurity researcher with a passion for innovative technology and AI. She explores the intersection of AI and cybersecurity to stay ahead of evolving threats.
