Telekopye Phishing Toolkit Now Targeting Booking.com and Airbnb Users

Fraudsters using the Telekopye tool have expanded their operations and begun targeting users of accommodation booking services such as Booking.com and Airbnb. Telekopye is a toolkit operating via Telegram that criminals use to create phishing pages and steal user data.

Telekopye first came to light in 2023. The tool allows the creation of fake pages where victims input their credit card details. Over the course of a year, fraud schemes utilizing Telekopye have evolved to encompass not only marketplaces but also accommodation booking services.

The scam operates as follows: criminals contact users of these platforms, claiming there are issues with the payment for their booking. Victims are then prompted to click on a link leading to a counterfeit page that closely resembles the original. The page already displays information about the actual booking, making the deception more convincing. The criminals acquire access to hotel and property accounts by purchasing stolen credentials on underground forums.

One of the distinguishing features of Telekopye is its simplicity — cybercriminals do not need specialized technical expertise. The tool provides all the necessary means to create fake messages, websites, and phishing emails.

Fraudsters from groups using Telekopye operate under a business model, with well-structured hierarchies and fixed working hours. Detailed communication is maintained within the groups for each transaction, facilitating the management of stolen funds distribution.

According to ESET, fraudulent attacks on accommodation booking services surged in 2024, especially during the summer months. In July, such attacks surpassed the number of classic marketplace scams for the first time. By August and September, the frequency of attacks on both categories had equalized.

Telekopye is also constantly improving. The fraudsters have added new features, such as automatic phishing page creation and built-in DDoS protection to defend against competitor attacks.

To safeguard against such fraud, ESET experts recommend always verifying the authenticity of messages, avoiding suspicious links, and using antivirus solutions that can alert users to phishing sites.