Hackers are currently using a Telegram tool kit to pull massive phishing scams on online markets, cybersecurity researcher ESET reported.
According to the study, hackers are using Telekopye bots to target popular e-commerce sites in Russia like YULA or OLX by passing as legitimate companies.
Online marketplaces from other countries like BlaBlaCar, eBay, and Sbazar have been reported to suffer similar incidents as well.
Hackers, known as Neanderthals, are exploiting the toolkit to generate fake websites, send SMS texts and emails, and create fake screenshots to unsuspecting users.
Both sellers and buyers have been reported to fall victim to phishing schemes.
What is more grievous, the scam can be pulled by individuals with limited technical knowledge of hacking.
Telokopye Phishing Scheme
The Neanderthals are employing Telekopye to create fake payment sites where unaware victims, dubbed as Mammoths, could purchase online. Hackers do the same to people looking for refunds.
This gives the hackers a chance to harvest sensitive information from the user as well as scam money out of their pockets.
The threat actors are able to illegally collect online banking logins, and credit card details from these operations.
Sellers also prey victim to the scam as hackers pretend as potential buyers, sending a link where the user can supposedly access the payment. Clicking the link allows hackers to collect user data.
Telekopye remains in use and in active development as a Telegram toolkit.
Related Article : Google Calendar Now Vulnerable to Hacking Exploits
How to Protect Self from Phishing Scams
ESET recommends several ways users can protect themselves against phishing attacks.
Most important is recognizing signs of a phishing scheme when engaging with strangers online. Online scammers and hackers can be spotted with these several hints:
- Informal or ambiguous greetings
- Request for personal details
- Poor grammar
- Urgent request
- Suspicious domains or websites
It is advised for both users and sellers to only access legitimate and protected websites when transacting. Subscribing to anti-phishing software can provide added protection from scams.
ESET has launched investigations on the phishing scams in early August this year.