May 18, 2024
By Cybervergent Team

Novel Telegram Bot on The Rise Employed by Cybercriminals for Large-Scale Phishing Scam

Brace yourselves for the emergence of a devious Telegram bot called Telekopye, fueling the schemes of malicious actors in their quest for widespread phishing exploits. According to research, Telekopye possesses the capability to create phishing websites, emails, SMS messages, and various other deceptive elements.

The individuals orchestrating the operation, identified by the codename Neanderthals, are recognized for managing the illicit enterprise under the guise of a legitimate company. This setup establishes a hierarchical structure involving diverse members assigned to different roles. After potential Neanderthal recruits respond to advertisements on underground forums, they receive invitations to participate in specific Telegram channels. These channels serve as a means for Neanderthals to communicate with each other and maintain records of transactions.

The primary objective of the operation is to successfully execute one of three types of scams: seller scams, buyer scams, or refund scams. When Neanderthals act as sellers, they attempt to entice unsuspecting merchants into buying a non-existent item. In buyer scams, Neanderthals impersonate buyers to deceive merchants into divulging their financial information, ultimately leading to the loss of their funds. While situations that fall into the classification of refund scams, are situations where Neanderthals deceive merchants for a second time by falsely promising a refund, only to subtract the same amount of money once again.

Selecting a merchant for a buyer scam involves a careful and intentional process that considers various factors such as the victim's gender, age, online marketplace experience, ratings, reviews, number of completed trades, and the nature of the items they are selling. This indicates a preparatory phase that includes thorough market research. Neanderthals also employ web scrapers to analyse online marketplace listings and identify an optimal merchant likely to fall victim to their deceptive scheme.  If a merchant prefers in-person payment and delivery, Neanderthals claim to be either too distant or on a business trip, while simultaneously expressing heightened interest in the item to enhance the scam's chances of success.

Additionally, Neanderthals utilize VPNs, proxies, and TOR to maintain anonymity. They are observed engaging in real estate scams by creating fraudulent websites featuring apartment listings, enticing merchants to pay a reservation fee through a phishing link. Jizba further stated that Neanderthals contact the genuine owner of an apartment, feigning interest and soliciting various details, such as additional pictures and information about the neighbours.

Subsequently, the Neanderthals use this gathered information to craft their own listing on a different platform, presenting the apartment for rent. They reduce the advertised market price by approximately 20%. The subsequent steps in this scheme closely resemble the seller scam scenario.


  • Content Filtering: Deploy systems that screen and prevent the dissemination of malicious content or links linked to phishing scams.
  • Two-Factor Authentication (2FA): Promote the adoption of 2FA to provide an additional security layer for user accounts.