Cybercriminals operating under the moniker "Neanderthals" have been utilizing a malicious Telegram bot called Telekopye to orchestrate large-scale phishing scams. This bot enables the creation of phishing websites, emails, and SMS messages. Neanderthals recruit members, referred to as "Mammoths," to engage in scams categorized as seller, buyer, or refund scenarios. In the seller scam, Neanderthals pose as sellers to deceive Mammoths into purchasing nonexistent items, while in buyer scams, they masquerade as buyers to extract financial details from merchants. Refund scams involve tricking Mammoths into a second fraudulent transaction under the guise of offering a refund. The Telekopye activity aligns with Classiscam, a scam-as-a-service program that has generated $64.5 million in illicit profits since 2019. Neanderthals employ various tactics, including web scrapers and market research, to optimize their phishing schemes, and they also explore real estate scams. The cybercriminals use anonymity tools such as VPNs, proxies, and TOR while employing sophisticated techniques to deceive and defraud victims.