November 24, 2023 at 11:12AM
A malicious bot called Telekopye is being used by threat actors for large-scale phishing scams. The bot can create phishing websites, emails, SMS messages, and more. The threat actors, known as Neanderthals, run the operation like a legitimate company and recruit members through underground forums. Their main goal is to carry out scams involving sellers, buyers, or refunds. The activity tracked as Telekopye is linked to a scam-as-a-service program called Classiscam, which has made $64.5 million in illicit profits since 2019. The Neanderthals employ various techniques such as web scrapers, VPNs, proxies, and Tor to remain anonymous. They also engage in real estate scams, creating bogus apartment listings and phishing websites to deceive victims. Check Point recently uncovered a rug pull scam that stole almost $1 million by enticing victims to invest in fake tokens.
Key Takeaways:
– A malicious Telegram bot called Telekopye is being used for large-scale phishing scams.
– The threat actors behind the operation, known as Neanderthals, run it like a legitimate company with a hierarchical structure.
– Neanderthals recruit members through underground forums and communicate through designated Telegram channels.
– The goal of the operation is to execute three types of scams: seller, buyer, or refund.
– Neanderthals use various tactics, such as posing as sellers or buyers, or offering refunds, to deceive their targets.
– The activity tracked as Telekopye is linked to Classiscam, a scam-as-a-service program that has generated $64.5 million in illicit profits since 2019.
– Neanderthals engage in extensive market research to select ideal targets.
– They use web scrapers and employ tactics like claiming to be unavailable for in-person transactions to increase the success of the scam.
– Neanderthals use VPNs, proxies, and Tor to maintain anonymity, and also run real estate scams to deceive victims.
– A separate rug pull scam, uncovered by Check Point, stole nearly $1 million by tricking victims into investing in fake tokens.