A. M. 
The growing popularity of online marketplaces has attracted scammers who prey on unsuspecting buyers and sellers, seeking to obtain payment card information. The research team at ESET, a leading proactive threat detection company, discovered that one such organized fraudster network – using Telekopye, a toolkit discovered by ESET in 2023 – expanded their operations to target users of popular accommodation booking platforms such as Booking.com and Airbnb, and increased their efforts to optimize their operations and maximize financial benefits.
“Telekopye is a toolkit that works as a Telegram bot, primarily to turn online marketplace scams into an organized illicit business. It is used by dozens of scammer groups, with up to thousands of members, to rip off buyers and sellers. They were identified as expanding their targets to popular accommodation booking platforms, such as Booking.com and Airbnb. This scam uses compromised accounts of legitimate hotels and accommodation providers”, commented Jakub Souček and Radek Jizba, ESET specialists in charge of the investigation.
The scammers contact a targeted user of one of these platforms, claiming that there is a problem with the user’s reservation payment. The message contains a link to a well-crafted, legitimate-looking web page that mimics the abused platform. The page contains preset information about a reservation, such as check-in and check-out dates, price and location. What ESET highlights is that the information provided on the fraudulent pages matches the actual bookings made by the targeted users.
“This makes the scam much more difficult to detect, as the information provided is personally relevant to the victims, it arrives through the expected communication channel and the linked fake websites look as expected. The only visible sign that something is wrong are the URLs of the websites, which do not match those of the legitimate spoofed websites. The scammers may also use their own email addresses for the initial communication (instead of the compromised accounts), in which case the emails could be more easily recognized as malicious”, the ESET team say.
Once the target victim completes the form on the phishing page, he or she is taken to the final “booking” step: a form requesting payment card details. As with marketplace scams, the card data entered into the form is collected by the scammers and used to steal the money from the mammoth card.
“According to ESET telemetry, this type of scam started gaining traction in 2024. Accommodation-themed scams saw a sharp spike in July, an increase that coincides with the summer vacation season in the regions. It remains to be seen whether this trend will continue,” ESET’s research team notes.
ESET noted that different groups implement their own advanced features in the toolkit, aimed at speeding up the scamming process, improving communication with targets, protecting phishing websites against disruption by competitors, and other objectives.
ESET shares some tips to stay protected against this type of scams:
- Always verify the person you are talking to, especially the history on the platform, the age of the account, the rating and the location: a location that is too far away, a new account with no history or a bad rating can be indicators of a scammer.
- With improvements in machine translation, a scammer’s messages may not raise red flags in terms of grammar. Instead of focusing on the language, pay attention to the conversation itself: overly anxious or assertive communication should raise some concern.
- Keep communication on the platform, even if your interlocutor suggests otherwise. Unwillingness to stay on the platform should be a major red flag.
- If you are a buyer, use secure interfaces within the platform throughout the buying process, provided they are available. Otherwise, insist on exchanging goods and money in person, or select reliable delivery services with the option to pay on delivery.
- If you are a seller, use secure interfaces within the platform throughout the sales process, whenever available. Otherwise, manage delivery options and do not accept those offered by the buyer.
- If it comes time to visit a link sent by the person you are talking to, be sure to carefully check the URL, content and certificate properties of the website before interacting with it.
