Fake CAPTCHA Scams Exploit Users for International SMS Fraud


Cybersecurity researchers, as detailed by The Hacker News, have uncovered a widespread telecommunications fraud campaign. Threat actors are deploying fake CAPTCHA verification pages designed to trick users into unknowingly sending international text messages. These messages incur charges on the victim’s mobile bill, generating illicit revenue for the attackers who lease the compromised phone numbers. This tactic leverages user trust in common verification methods to facilitate financial fraud.

What This Means For You

  • If your users are encountering unexpected charges on their mobile bills or are asked to click through unusual verification screens, scrutinize these prompts immediately. This attack vector preys on the expectation that CAPTCHAs are benign. Educate your user base about this specific social engineering tactic and advise them to be wary of any verification process that seems unusual or requests actions leading to direct communication costs.


Detection Rules

3 rules · 6 SIEM formats

3 detection rules auto-generated for this incident, mapped to MITRE ATT&CK. Sigma YAML is free; export to any SIEM format via the Intel Bot.

critical T1190 Initial Access

Fake CAPTCHA SMS Fraud - Suspicious URI Query

Source: Shimi's Cyber World

Indicators of Compromise

| ID | Type | Indicator |
|---|---|---|
| Fake-CAPTCHA-IRSF-Scam | Telecommunications Fraud | Fake CAPTCHA verification tricks for IRSF (International Revenue Share Fraud) |
| Fake-CAPTCHA-IRSF-Scam | Fraud Campaign | 120 Keitaro campaigns |
| Fake-CAPTCHA-IRSF-Scam | Attack Vector | SMS fraud leading to international text message charges |
| Fake-CAPTCHA-IRSF-Scam | Attack Vector | Crypto fraud |
