Fake CAPTCHA IRSF SMS fraud campaign
Campaign
Summary
Hide ▲
Show ▼
Researchers disclosed a still-active fake CAPTCHA IRSF SMS fraud campaign that tricks users into sending international text messages and incurring mobile-bill charges. The operation uses commercial traffic distribution systems and browser manipulation to funnel victims through multi-step verification pages. It matters because the scheme spans 17 countries and can turn a single visit into dozens of costly SMS messages.
Timeline
-
27.04.2026 09:33 2 articles · 1mo ago
Fake CAPTCHA IRSF SMS fraud campaign disclosed
Initial DisclosureInfoblox disclosed a fake CAPTCHA IRSF telecom fraud campaign that redirects users through a commercial TDS into multi-step SMS verification flows, causing premium international text charges and generating revenue for operators leasing the phone numbers. The campaign was described as active since at least June 2020, with observed social engineering, back button hijacking, cookie-based progression tracking, as many as 35 phone numbers across 17 countries, and delayed billing that can leave victims seeing charges weeks later.
Show sources
- Fake CAPTCHA IRSF Scam and 120 Keitaro Campaigns Drive Global SMS, Crypto Fraud — thehackernews.com — 27.04.2026 09:33
- Fake CAPTCHA IRSF Scam and 120 Keitaro Campaigns Drive Global SMS, Crypto Fraud — thehackernews.com — 27.04.2026 09:33