
Fake CAPTCHA IRSF scam and 120 Keitaro campaigns fuel global SMS and crypto fraud – CXO Digitalpulse


Cybersecurity researchers have uncovered a large-scale fraud operation that uses fake CAPTCHA verification pages to trick users into sending international SMS messages, generating illicit revenue for attackers. The campaign is tied to a form of telecom fraud known as international revenue share fraud (IRSF), where victims unknowingly incur charges on their mobile bills while attackers profit from termination fees. The activity has reportedly been ongoing since at least 2020 and spans multiple countries.
The scam typically begins when users are redirected to a malicious webpage that displays a fake CAPTCHA prompt asking them to “confirm they are human” by sending a text message. Instead of a standard verification step, the process triggers multiple pre-filled SMS messages to international numbers. In some cases, victims may send up to 60 messages to dozens of numbers across different countries, resulting in charges that can reach around $30 per incident, often appearing weeks later on billing statements.
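As an added illustration (not code from the researchers or the article), the burst pattern described above can be flagged on the operator or enterprise-mobility side by looking for one sender messaging many foreign calling codes in a short window. The record layout, the calling-code subset, the thresholds and all sample numbers are constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Illustrative subset of E.164 calling codes (assumption; a real deployment
# would load the full numbering plan).
CALLING_CODES = {"1", "44", "216", "257", "355", "992"}

def country_code(e164):
    """Return the calling code of an E.164 number, or "?" if not in the table."""
    digits = e164.lstrip("+")
    return next((digits[:n] for n in (1, 2, 3) if digits[:n] in CALLING_CODES), "?")

def flag_irsf_bursts(records, home_code, window=timedelta(minutes=10),
                     min_msgs=10, min_countries=3):
    """Flag senders with a burst of SMS to several foreign calling codes.

    records: iterable of (timestamp, sender, destination). Thresholds are
    assumed starting points, not values from the article.
    """
    foreign = defaultdict(list)
    for ts, sender, dest in records:
        cc = country_code(dest)
        if cc != home_code:  # unknown prefixes ("?") count as foreign
            foreign[sender].append((ts, dest, cc))
    alerts = {}
    for sender, msgs in foreign.items():
        msgs.sort()
        start = 0
        for end in range(len(msgs)):
            while msgs[end][0] - msgs[start][0] > window:
                start += 1  # slide the window forward
            burst = msgs[start:end + 1]
            countries = sorted({cc for _, _, cc in burst})
            if len(burst) >= min_msgs and len(countries) >= min_countries:
                if len(burst) > alerts.get(sender, {}).get("messages", 0):
                    alerts[sender] = {"messages": len(burst),
                                      "numbers": len({d for _, d, _ in burst}),
                                      "countries": countries}
    return alerts

def sample_records():
    """Constructed records: one burst sender, one occasional roamer, one domestic."""
    t0 = datetime(2025, 1, 1, 12, 0)
    prefixes = ["+216", "+257", "+355", "+992"]
    recs = [(t0 + timedelta(seconds=15 * i), "+15550000001",
             f"{prefixes[i % 4]}5550{i:03d}") for i in range(12)]
    recs += [(t0 + timedelta(hours=6 * i), "+15550000002", "+447700900123") for i in range(3)]
    recs += [(t0 + timedelta(seconds=10 * i), "+15550000003", f"+1555000{i:04d}") for i in range(20)]
    return recs

if __name__ == "__main__":
    print(flag_irsf_bursts(sample_records(), home_code="1"))
```

Only the first constructed sender is flagged; the occasional international texter and the high-volume domestic sender stay below the thresholds.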
Researchers note that the operation relies heavily on social engineering techniques and browser manipulation tactics such as back-button hijacking. This prevents users from easily leaving the malicious page, increasing the likelihood they complete the fake verification steps. The campaign also uses cookies and tracking mechanisms to guide victims through multiple stages, ensuring maximum message volume and higher profits for the attackers.
In parallel, the investigation revealed that threat actors are abusing a traffic distribution system known as Keitaro to run over 120 malicious campaigns. These campaigns include malware delivery, cryptocurrency scams, and fake investment schemes promoted through deceptive ads and even deepfake celebrity endorsements. The infrastructure allows attackers to route victims through complex redirection chains, making detection and takedown significantly more difficult.
The findings highlight how cybercriminals are combining traditional telecom fraud with modern ad-tech and AI-driven deception methods to scale their operations globally. By exploiting both individuals and telecom providers, these campaigns demonstrate an evolving threat landscape where seemingly harmless online interactions, such as CAPTCHA checks, can be weaponized for financial gain.



© 2026 CXO Digital Pulse. All Rights Reserved.