Who provides the service?<\/h2>\n
A gang\u2019s key person is the founder, or topic starter<\/strong>. This guy manages everyone else:<\/p>\n That\u2019s what the core lineup of almost any gang looks like. Especially sophisticated outfits also include marketers<\/strong>, motivators<\/strong> and mentors<\/strong>. These run promotional campaigns for the project, and provide moral support to, and training for, workers<\/p>\n The members of a scam gang chiefly communicate via private groups and chats in Telegram. The channel we investigated had around 15,000 members, with just five of them being mentors. Virtually everyone else was a worker \u2014 a pawn in this scheme. Read the investigative story on Securelist<\/a> to find out more about other roles the members of a scam gang have.<\/p>\n Bots help gangs automate most of the scamming process. For example, scammers can use these to create unique, personalized phishing ads. A Telegram bot we discovered churns out as many as 48 ads at a time, in four languages, for six classifieds websites and in two versions: seller scam (2.0) and buyer scam (1.0).<\/p>\n A bot creates links for two types of scam at a time: seller scam (2.0) and buyer scam (1.0)<\/p><\/div>\n Next, a worker uses the Telegram bot to automatically send the links to the victim\u2019s email, instant messaging account or SMS inbox. As soon as a phishing link is opened, the bot displays a message that says \u201cMammoth online\u201d. This tells the worker that the scam has all but succeeded: the victim has no protection<\/a>, so the gang is about to pocket their money.<\/p>\n The bot tells the worker everything the victim does \u2014 in detail<\/p><\/div>\n Instant notifications about anything that happens is one of Telegram bots\u2019 killer features. Thus, if the victim takes the bait, paying for the \u201cgoods\u201d or \u201cdelivery\u201d, the worker learns immediately. The bot computes the worker\u2019s share of the booty and shares the name of the carder who\u2019ll withdraw the funds.<\/p>\n \u201cAnother one duped!\u201d \u2014 the new workers\u2019 anthem<\/p><\/div>\n This is the extent of what the worker needs to do, as the money will be credited to their account automatically\u00a0\u2014 unless they\u2019re scammed by their own gangmates, which isn\u2019t unheard of.<\/p>\n The workers are the gang\u2019s cash cows: they pay commissions to the mastermind, mentor, carder and refunder. This project is no doubt a moneymaker: the gang earned more than two\u00a0million\u00a0US\u00a0dollars between August 2023 and June 2024. That\u2019s what the scammers say anyway, but they can declare whatever figures they want, no matter how inflated, in their internal chat to motivate the workers.<\/p>\n A bad day for the scammers \u2014 but a happy one for the whole humanity<\/p><\/div>\n The scam factory\u2019s profits are restricted by banks\u2019 transaction limits. The gang we\u2019re looking at operates out of Switzerland, and local banking rules prevent it from stealing more than 15,000\u00a0Swiss\u00a0francs (approximately 16,700\u00a0US\u00a0dollars) at a time. The workers have a minimum withdrawal amount: they won\u2019t bother with cards if there are less than 300\u00a0Swiss\u00a0francs (333\u00a0US\u00a0dollars) in the associated account; otherwise the costs would exceed the earnings.<\/p>\n Being attacked by turnkey phishing (as opposed to \u201cregular\u201d phishing) makes no difference to the target: the scammers are still scammers, trying all kinds of ways to swindle victims out of their money. But, since FaaS makes the scammers\u2019 work so much easier, this kind of scam is on the rise. Accordingly, the protection tips remain the same as for other types of phishing:<\/p>\n A turnkey home? A turnkey website? How about turnkey phishing? Scammers now sell turnkey phishing services to other scammers. Read on to find out how it works.<\/p>\n","protected":false},"author":2706,"featured_media":51615,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[2683],"tags":[80,76,726,97],"class_list":{"0":"post-51614","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-threats","8":"tag-fraud","9":"tag-phishing","10":"tag-scam","11":"tag-security-2"},"hreflang":[{"hreflang":"x-default","url":"https:\/\/www.kaspersky.com\/blog\/turnkey-phishing\/51614\/"},{"hreflang":"en-in","url":"https:\/\/www.kaspersky.co.in\/blog\/turnkey-phishing\/27661\/"},{"hreflang":"en-ae","url":"https:\/\/me-en.kaspersky.com\/blog\/turnkey-phishing\/22978\/"},{"hreflang":"en-us","url":"https:\/\/usa.kaspersky.com\/blog\/turnkey-phishing\/30331\/"},{"hreflang":"en-gb","url":"https:\/\/www.kaspersky.co.uk\/blog\/turnkey-phishing\/27827\/"},{"hreflang":"es-mx","url":"https:\/\/latam.kaspersky.com\/blog\/turnkey-phishing\/27488\/"},{"hreflang":"es","url":"https:\/\/www.kaspersky.es\/blog\/turnkey-phishing\/30162\/"},{"hreflang":"it","url":"https:\/\/www.kaspersky.it\/blog\/turnkey-phishing\/29041\/"},{"hreflang":"ru","url":"https:\/\/www.kaspersky.ru\/blog\/turnkey-phishing\/37798\/"},{"hreflang":"tr","url":"https:\/\/www.kaspersky.com.tr\/blog\/turnkey-phishing\/12533\/"},{"hreflang":"pt-br","url":"https:\/\/www.kaspersky.com.br\/blog\/turnkey-phishing\/22755\/"},{"hreflang":"de","url":"https:\/\/www.kaspersky.de\/blog\/turnkey-phishing\/31422\/"},{"hreflang":"ja","url":"https:\/\/blog.kaspersky.co.jp\/turnkey-phishing\/36710\/"},{"hreflang":"nl","url":"https:\/\/www.kaspersky.nl\/blog\/turnkey-phishing\/29199\/"},{"hreflang":"ru-kz","url":"https:\/\/blog.kaspersky.kz\/turnkey-phishing\/27969\/"},{"hreflang":"en-au","url":"https:\/\/www.kaspersky.com.au\/blog\/turnkey-phishing\/33805\/"},{"hreflang":"en-za","url":"https:\/\/www.kaspersky.co.za\/blog\/turnkey-phishing\/33469\/"}],"acf":[],"banners":"","maintag":{"url":"https:\/\/www.kaspersky.com\/blog\/tag\/phishing\/","name":"phishing"},"_links":{"self":[{"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts\/51614","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/users\/2706"}],"replies":[{"embeddable":true,"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/comments?post=51614"}],"version-history":[{"count":5,"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts\/51614\/revisions"}],"predecessor-version":[{"id":51631,"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts\/51614\/revisions\/51631"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/media\/51615"}],"wp:attachment":[{"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/media?parent=51614"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/categories?post=51614"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/tags?post=51614"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}\n
The Telegram bot as the workers\u2019 main weapon<\/h2>\n
![\"A](\"https:\/\/media.kasperskydaily.com\/wp-content\/uploads\/sites\/92\/2024\/07\/03110754\/turnkey-phishing-01.jpg\")
<\/a>![\"The](\"https:\/\/media.kasperskydaily.com\/wp-content\/uploads\/sites\/92\/2024\/07\/03110706\/turnkey-phishing-02.png\")
<\/a>![\""Another](\"https:\/\/media.kasperskydaily.com\/wp-content\/uploads\/sites\/92\/2024\/07\/03110612\/turnkey-phishing-03.png\")
<\/a>How much scam gangs make<\/h2>\n
![\"A](\"https:\/\/media.kasperskydaily.com\/wp-content\/uploads\/sites\/92\/2024\/07\/03110539\/turnkey-phishing-04.jpg\")
<\/a>Avoiding the trap<\/h2>\n
\n