Russian speakers on Telegram have been using a bot to run comprehensive phishing campaigns against customers of widely recognized e-commerce platforms, including eBay. The criminal proceeds are distributed through a structured hierarchy reminiscent of corporate divisions.
In a recent article, ESET analyst Radek Jizba delved into “Telekopye,” a toolkit fashioned as a Telegram bot. The bot’s capabilities span from drafting emails and SMS notifications to producing ready-to-use phishing sites and aiding in image manipulation. This bot serves as a magnet for cyber felons, even those with scant technical know-how. Its primary victims are digital shoppers, mainly from Russia, but its reach spans globally.
Remarkably, Telekopye has sustained its relevance and active utilization for a solid eight years, indicating its enduring efficacy.
Major e-commerce platforms in Russia, like YULA and OLX, are prime targets for Telekopye users. OLX in particular boasts over 10 billion monthly page visits and countless transactions. Yet Telekopye doesn’t limit its scope to Russia; it is also associated with various European and Western online retail platforms, eBay and BlaBlaCar being notable mentions.
A traditional phishing approach is employed: potential victims are singled out, made to trust the authenticity of the scammer through tailored communication, and then directed to a decoy e-commerce portal. Here, they’re prompted to share their card details, leading to a false transaction. The ill-gotten gains are then typically funneled through digital currencies.
“Type 2.0” scams instead target sellers, tricking them with messages like “Payment received. Retrieve it from:”, followed by a deceptive link.
Notably, the proceeds from these deceptions don’t directly enrich the perpetrators. The Telekopye ecosystem mimics an organizational layout, complete with distinct roles like administrators, moderators, and varying worker tiers. Admins pocket commissions ranging from 5-40% per scam, with role-specific earnings and activities meticulously documented.
Telekopye boasts a repertoire of preset templates – emails, texts, phishing websites, and images of financial documents.
For creating landing sites, fraudsters have it easy. Templates customized for particular nations, ranging from Slovakia to Australia, are available. Some might appear unpolished, but many convincingly mirror legitimate sites.
Additionally, for image-centric deceptions, they employ Render Bot, a related tool. This bot aids in editing visuals, such as doctoring an invoice image or tweaking screenshots from authentic apps. A variety of fonts ensure the tampered content seamlessly melds with the original.
Rather than scrutinizing Telekopye’s meticulously crafted automated messages and visuals for minor inconsistencies, one should stay alert for the moments when the scammers deviate from their script, as that’s when they expose their weaknesses.