Researchers at ESET describe various types of scams launched by users of Telekopye, a telegram bot that assists in crafting social engineering attacks.
The scammers call their victims “mammoths,” so ESET has dubbed the scammers “Neanderthals.” The first type of scam is simply financial data theft via phishing sites.
“In this scenario, Neanderthals pose as sellers and try to lure unsuspecting Mammoths into buying some non-existent item,” the researchers write. “When a Mammoth shows interest in the item, the Neanderthal persuades the Mammoth to pay online rather than in person. If the Mammoth agrees, the Neanderthal provides a link to a phishing website provided by Telekopye and carefully crafted to resemble the payment page of the legitimate online marketplace listing the reputed item. Unlike the legitimate web page though, this page asks for an online banking login, credit card details (sometimes including balance), or other sensitive information. If the Mammoth enters this data, the phishing website automatically steals it.”
In another type of scam, the Neanderthals pose as buyers interested in an item being sold online.
“They show interest in the item a Mammoth is selling and claim they already paid via the providing platform,” the researchers write. “The Neanderthals proceed to send the Mammoths email or SMS messages (created via Telekopye) with a link to a carefully crafted phishing website (also created via Telekopye), claiming the Mammoth needs to click this link in order to receive their money from the platform. The rest of the scenario is very similar to the Seller scam with slight variations during conversation.”
The scammers are also beginning to launch real estate scams targeting people interested in renting apartments.
“During the preparation stage, Neanderthals write to a legitimate owner of an apartment, pretending to be interested and ask for various details, such as additional pictures and what kind of neighbors the apartment has,” the researchers write. “The Neanderthals then take all this information and create their own listing on another website, offering the apartment for rent. They cut the expected market price by about 20%. The rest of the scenario is identical to the Seller scam scenario – the Neanderthal waits for a Mammoth to show interest, and directs the Mammoth to pay a reservation fee via a link that, of course, actually points to a phishing website.”
KnowBe4 enables your workforce to make smarter security decisions every day. Over 65,000 organizations worldwide trust the KnowBe4 platform to strengthen their security culture and reduce human risk.
ESET has the story.