Cybercriminals Use Fake Verification Pages, Premium Text Message Fraud, and Traffic Redirection Systems to Generate Revenue Worldwide

EXECUTIVE SUMMARY

Cybersecurity researchers have uncovered a large-scale fraud ecosystem involving fake CAPTCHA verification scams, International Revenue Share Fraud (IRSF), and abuse of Keitaro Traffic Distribution Systems (TDS) to run global scam campaigns.

Threat actors trick users into sending premium international SMS messages that create hidden mobile charges. At the same time, they use cloaking infrastructure to push cryptocurrency scams, fake investment offers, malware delivery, and phishing pages.

Because these campaigns combine social engineering with automated traffic routing, they create financial and security risks for both individuals and businesses.

THREAT OVERVIEW

Main Fraud Techniques Identified

| Threat Type | Impact |
|---|---|
| Fake CAPTCHA Scam | Users tricked into sending paid SMS messages |
| IRSF Fraud | Telecom carriers lose money through premium routing abuse |
| Keitaro TDS Abuse | Users redirected to scams, malware, and phishing |
| Crypto Fraud | Fake airdrops and investment platforms |
| Deepfake Promotions | Fake celebrity endorsements used to lure victims |

HOW THE FAKE CAPTCHA SCAM WORKS

Victims land on fraudulent websites showing fake verification messages such as:

➡️ “Confirm you are human by sending a text message.”

Each "verification" step automatically opens the phone’s SMS app with a premium international number pre-filled. Some users may unknowingly send up to 60 text messages to multiple countries, leading to charges that often appear later on billing statements.

BACK BUTTON HIJACKING USED TO TRAP USERS

Researchers also found scammers using JavaScript to hijack browser navigation.

When victims press the back button, they are redirected back to the fake CAPTCHA page, creating a loop that keeps them trapped unless they fully close the browser.
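
As an added example (not code from the researchers or from any campaign), the following JavaScript shows how a defender could statically triage captured page source for the two behaviours described above: SMS compose links to several international numbers, and back-button hijacking. The `sms:` URI and History API patterns it looks for, the keyword list, the thresholds, the function names and the sample inputs are assumptions made for illustration.

```javascript
// Added example: static triage of page source for fake-CAPTCHA SMS lures and back-button traps.
// Heuristics and thresholds are assumptions, not indicators published by the researchers.
const SMS_URI = /\bsms:([+0-9,\-.()]+)/gi; // sms: URIs (RFC 5724) in href attributes or script strings

function extractSmsTargets(source) {
  const numbers = new Set();
  for (const m of source.matchAll(SMS_URI)) {
    // One URI may carry several comma-separated recipients.
    for (const raw of m[1].split(",")) {
      const n = raw.replace(/[^+0-9]/g, "");
      if (n.length >= 4) numbers.add(n);
    }
  }
  return [...numbers];
}

function triagePage(source) {
  const targets = extractSmsTargets(source);
  const international = targets.filter((n) => n.startsWith("+") || n.startsWith("00"));
  const findings = [];
  if (targets.length > 0 && /captcha|verify|human|robot/i.test(source)) {
    findings.push("verification wording combined with SMS compose links");
  }
  if (international.length >= 2) {
    findings.push(`${international.length} distinct international SMS recipients`);
  }
  // An injected history entry plus a popstate handler is a common shape for a back-button trap.
  if (/history\.(pushState|replaceState)\s*\(/.test(source) && /popstate/.test(source)) {
    findings.push("history manipulation with popstate handler");
  }
  return { targets, international, findings, suspicious: findings.length >= 2 };
}

// Constructed sample inputs (numbers use the reserved +999 prefix; not from any real campaign).
const SAMPLE_SCAM = `
<h1>Confirm you are human by sending a text message.</h1>
<a href="sms:+9995550101?body=verify">Step 1</a>
<a href="sms:+9995550102,+9995550103?body=verify">Step 2</a>
<script>
history.pushState(null, "", location.href);
window.addEventListener("popstate", function () { /* handler body omitted */ });
</script>`;
const SAMPLE_BENIGN = `<p>Questions? <a href="sms:+9995550199">Text our support desk</a>.</p>`;

console.log(triagePage(SAMPLE_SCAM));   // three findings, suspicious: true
console.log(triagePage(SAMPLE_BENIGN)); // no findings, suspicious: false
```

A single `sms:` link on its own is not flagged; the page is marked suspicious only when at least two of the signals appear together.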

HOW KEITARO IS BEING ABUSED

Threat actors are also using Keitaro Tracker to filter visitors and route selected users to malicious destinations.

Observed abuse includes:

  • Fake crypto wallet giveaways
  • Fraudulent AI trading platforms
  • Malware downloads
  • Credential phishing pages
  • Scam advertisements

Researchers observed more than 120 campaigns abusing this infrastructure over a four-month period.

IMPACT ON USERS AND BUSINESSES

Potential consequences include:

  • Hidden telecom charges
  • Financial fraud losses
  • Device malware infections
  • Credential theft
  • Increased phishing risk
  • Brand impersonation scams
  • Customer trust damage

Additionally, telecom providers may face losses from billing disputes and fraudulent premium routing abuse.

RECOMMENDED SAFETY STEPS

For Individuals

  • Avoid CAPTCHA pages asking you to send SMS messages
  • Never trust urgent crypto giveaway offers
  • Check mobile bills regularly for unknown charges
  • Use secure browsers and anti-phishing tools

For Businesses

  • Train staff on scam landing pages and redirection fraud
  • Use DNS filtering and secure web gateways
  • Monitor telecom expense anomalies
  • Block suspicious traffic redirection domains

KEY TAKEAWAY

Modern cybercrime increasingly relies on deception and automation rather than complex hacking tools.

➡️ Fake verification pages and cloaking systems are being used at scale to generate money through fraud, hidden charges, and cryptocurrency scams.