EBay Users Beware Russian Telekopye Telegram Phishing Bot

Published: 23/11/2024   Category: security




Thanks to a simple Telegram bot that democratizes phishing, ordinary Russians can conduct full-fledged phishing attacks with zero technical know-how.



Russian-language Telegram users are using a bot to automate end-to-end phishing campaigns against users of popular ecommerce sites like eBay, and spreading the resulting wealth in a corporate-like structure with administrators and workers.
In a blog post published today, ESET researcher Radek Jizba described Telekopye, a phishing toolkit designed as a Telegram bot. Telekopye can write emails and SMS messages, generate prefabricated phishing pages, and enable users to manipulate images. It has attracted a community of cybercriminals with little to no technical capability, enabling them to scam online shoppers and sellers primarily in Russia, but also countries around the globe.
Telekopye's success is best evidenced by the fact that it's already eight years old, and still actively used and updated today.
Scammers primarily target users of popular Russian ecommerce websites, like YULA and OLX, the latter of which receives more than 10 billion page views and millions of transactions monthly. However, Telekopye is also used in association with ecommerce sites popular around Europe and the broader West, including BlaBlaCar and eBay.
There are two main schemes for these phishing attacks, Jizba says. The first — referred to within the group as Type 1.0 — targets online shoppers. Or, as the Telekopye community refers to them, mammoths.
It works like any old phishing attack you've seen before: a victim is singled out, and persuaded of the legitimacy of the scammer through emails and SMS messages. If the victim pursues a phishing link they'll reach a mock ecommerce page, with the opportunity to enter their credit or debit card details for purchase of an item they'll never end up receiving. The scammer launders the money through cryptocurrencies, rinse and repeat.
Type 2.0 involves targeting the seller by convincing them that they have to pay some sort of deposit. A seller will be baited by, for example, a text that reads "Your item has been paid for. Get money from:", followed by the phishing link.
Successful hauls don't go straight into the attacker's pocket. Instead, the Telekopye community operates in a corporate-like structure, with a hierarchy of admins, moderators, good workers, and regular workers. Admins earn 5-40% commissions on each scam, and roles and money movements are tracked in shared documents.
Telekopye offers a set of predefined templates for emails and texts, HTML phishing pages, forms, and even images of financial documents.
For landing pages, for example, scammers have to do no work at all. They're given a series of templates targeting websites in specific countries — Slovakia, Spain, England, Australia, and more — and while the final result can sometimes be inelegant, other times it does look like the real thing.
When images come in handy, scammers turn to Render Bot, a separate but related bot that removes key fields in photos and screenshots. A scammer might tweak, for example, a photo of an invoice or cheque, or a screenshot of a page associated with a legitimate application. Several fonts are supported in order to better blend the added text with the original image.
The best way to identify a Telekopye scam, Jizba says, is not to try to pick out tiny discrepancies in these carefully orchestrated, automated texts and images. Rather, it is when scammers have to go off-book that they're most vulnerable.
"Outputs of Telekopye look convincing," he says. "Administrators of Telekopye spend a great deal of time on making their phishing templates as legitimate-looking as possible. The main weakness lies in sounding legitimate in real conversation with the victim, often speaking in [a] different language. This is usually where the victim has the highest chance to spot the scam."
