It sounds like a scene from a techno-thriller: Hackers are hunting mammoths, and a Telegram bot is at the center of the storm. But no, this is not a science fiction novel. This is the reality and you could be the next target!
The origin: Telecopye exposed
What ESET researchers uncovered was no ordinary hacking tool. Telekopye, a Telegram bot, has revolutionized the way scammers target online shoppers.
One click, a few tips, and unsuspecting buyers – or as the crooks call them, mammoths – are caught in a web of deception and fraud.
A fraud system in bot guise
It's remarkably simple. Hackers choose their victim, lure them into a private Telegram chat and weave a web of trust. Before the victim realizes it, they are lured to a phishing website that Telekopye has created with disturbing precision. Whether eBay, BlaBlaCar or other marketplaces – these hackers have done their homework.
The machinery behind the scenes
The loot is not put directly into the hackers' pockets. A clever system of shared accounts and organizational fees ensures that each fraudster gets exactly what he is entitled to. An ecosystem of fraud controlled by an invisible puppet master: the Telekopye administrator.
In detail: How hackers act as “Neanderthals” when hunting
Phishing attacks on online marketplace users are inherently lucrative and easy for cybercriminals. Bargain hunters are quickly tempted by very good offers to click on a link and reveal their details. Hackers who use Telekopye also take advantage of this:
- At the beginning of an attack, cybercriminals select a victim and contact them via Telegram. In the private chat they then try to build trust with their target.
- If this is successful, they use Telekopye to create a phishing website and share it with the victim. The toolkit offers various HTML templates for websites in different countries, including Germany. The page is, for example, a product offer on eBay or a trip on BlaBlaCar. They can also create fake screenshots in just a few steps to make their fraud more credible
- If the user clicks or taps on the link, the targeted website asks them to enter their credit card details. If he complies, hackers use the stolen information to debit money from the credit card or account and then launder it.
- The money stolen in this way does not end up directly in the Neanderthals' account. Instead, all attackers use a common account controlled by the Telekopye administrator. Each hacker is logged and evaluated based on their contributions to this shared account. The fraudsters receive their payment from the Telekopye administrator, deducting organizational fees.
The art of protection in a digital minefield
ESET researcher Radek Jizba warns: “This toolkit is the jackpot for every cybercriminal.” But there is hope. A watchful eye, a critical look at offers, especially those that seem too good to be true, can be the key. What if these messages pop up in your chat apps out of nowhere? Yet another reason to be skeptical.
How to avoid being scammed
- An eye for detail:
Linguistic clues: The language scammers use can often be a telltale sign. Although many have refined their tactics, grammatical errors and unusual sentence structures can still be a sign that something is wrong. - Direct trading as the safest option:
Trading used goods on online marketplaces involves risks. The safest way is to exchange money and goods in person. But if that's not possible, caution is advised to ensure you don't fall for a scam. - Send the money?
Better check double! If you need to transfer money, take a moment to thoroughly review the website or request. Look for signs that could indicate fraudulent intent, from the website to the payment method. - Detect fraudulent links and messages:
It's easy to fall into a trap by clicking on a fake link. Always be alert and suspicious of unexpected messages or offers, even if they seem legitimate. - Keep familiar payment methods:
If you're familiar with a service or platform, stick with it. Scammers may try to push you towards lesser-known or unsafe payment methods.
Conclusion: Safety comes first
In a world where the line between reality and digital illusion is increasingly blurring, vigilance is key. Telekopye's revelation shows us a new facet of cybercrime, but it also shows us the importance of being informed and careful. The Internet is a wonderful place as long as we are aware of the shadows that lurk within it. Take care of yourself and don't let yourself become a mammoth!
For more technical information about Telekopye, see the blog post “ Telekopye: Mammoth Hunting with Telegram Bot ” on WeLiveSecurity. In a second Telekopye blog post we reveal the inner workings of the fraud groups.
Also read:
- Digital Services Act active from August 25, 2023? Scaremongering or legitimate concerns?
- Beware of fake virus warnings on your smartphone!
- Energy weapon responsible for forest fire on Maui? The fact check
- “Laser” in Maui was just a camera lens reflection
- Melting Antarctic Ice: The Facts Behind the Misleading Claims
If you enjoyed this post and value the importance of well-founded information, become part of the exclusive Mimikama Club! Support our work and help us promote awareness and combat misinformation. As a club member you receive:
📬 Special Weekly Newsletter: Get exclusive content straight to your inbox.
🎥 Exclusive video* “Fact Checker Basic Course”: Learn from Andre Wolf how to recognize and combat misinformation.
📅 Early access to in-depth articles and fact checks: always be one step ahead.
📄 Bonus articles, just for you: Discover content you won't find anywhere else.
📝 Participation in webinars and workshops : Join us live or watch the recordings.
✔️ Quality exchange: Discuss safely in our comment function without trolls and bots.
Join us and become part of a community that stands for truth and clarity. Together we can make the world a little better!
* In this special course, Andre Wolf will teach you how to recognize and effectively combat misinformation. After completing the video, you have the opportunity to join our research team and actively participate in the education - an opportunity that is exclusively reserved for our club members!
Notes:
1) This content reflects the current state of affairs at the time of publication. The reproduction of individual images, screenshots, embeds or video sequences serves to discuss the topic. 2) Individual contributions were created through the use of machine assistance and were carefully checked by the Mimikama editorial team before publication. ( Reason )

