Cybersecurity experts have uncovered a telecommunications fraud operation that exploits fake CAPTCHA systems to trick users into sending international text messages. These messages incur charges on mobile bills, generating revenue for cybercriminals who lease the phone numbers involved.
Details of the Fraudulent Operation
The operation, active since at least June 2020, uses social engineering and browser manipulation techniques. According to Infoblox, it involves around 35 phone numbers across 17 countries. These scams deploy a fake CAPTCHA requiring multiple SMS messages to various international numbers, leading to significant charges for unsuspecting victims.
Because the charges are billed with a delay, victims often remain unaware of them until weeks later. The scheme combines revenue share fraud with traffic distribution systems (TDS), traditionally used for malware or phishing, to execute large-scale SMS scams.
Mechanics of the International SMS Scam
International revenue share fraud (IRSF) involves fraudsters obtaining high-cost international premium rate numbers. They artificially boost call or message volumes to these numbers, collecting a share of the termination charges paid by telecom operators.
This campaign registers phone numbers in countries with high termination fees, such as Azerbaijan and Kazakhstan, and collaborates with local telecom providers to maximize profits. Users are redirected to fake web pages using commercial TDS, where they’re prompted to send SMS messages under the guise of CAPTCHA verification.
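A billing-side check for the pattern described above, as an added example that is not from Infoblox or the original article: it flags a subscriber who sends SMS to several distinct numbers on a watchlist of high-termination-fee prefixes within a short window. The prefix watchlist, window, threshold, function names and sample records are all constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Assumed watchlist: +994 (Azerbaijan) and +77 (Kazakhstan ranges); illustrative only.
WATCHED_PREFIXES = ("+994", "+77")
WINDOW = timedelta(minutes=10)   # assumed: a fake CAPTCHA flow completes within minutes
MIN_DISTINCT_NUMBERS = 3         # assumed threshold for "multiple SMS to various numbers"

# Constructed sample SMS records: (ISO timestamp, sender, destination).
SAMPLE_CDRS = [
    ("2025-01-10T12:00:05", "+15550100001", "+994000000001"),
    ("2025-01-10T12:01:40", "+15550100001", "+77000000002"),
    ("2025-01-10T12:03:10", "+15550100001", "+994000000003"),
    ("2025-01-10T09:15:00", "+15550100002", "+994000000001"),  # single message
    ("2025-01-01T08:00:00", "+15550100003", "+994000000001"),  # spread over days
    ("2025-01-03T08:00:00", "+15550100003", "+77000000002"),
    ("2025-01-05T08:00:00", "+15550100003", "+994000000003"),
    ("2025-01-10T12:00:00", "+15550100004", "+15550100099"),   # not on the watchlist
    ("2025-01-10T12:01:00", "+15550100004", "+15550100098"),
]

def is_watched(number):
    return number.startswith(WATCHED_PREFIXES)

def find_bursts(records):
    """Map each flagged sender to the distinct watched numbers hit inside one WINDOW."""
    by_sender = defaultdict(list)
    for ts, sender, dest in records:
        if is_watched(dest):
            by_sender[sender].append((datetime.fromisoformat(ts), dest))
    flagged = {}
    for sender, events in by_sender.items():
        events.sort()
        start = 0
        for end in range(len(events)):
            # Slide the window start forward until it spans at most WINDOW.
            while events[end][0] - events[start][0] > WINDOW:
                start += 1
            distinct = {dest for _, dest in events[start:end + 1]}
            if len(distinct) >= MIN_DISTINCT_NUMBERS:
                flagged[sender] = sorted(distinct)
                break
    return flagged

if __name__ == "__main__":
    print(find_bursts(SAMPLE_CDRS))
```

Because the billing is delayed, a check like this is most useful when run on message records as they are generated rather than on the invoice.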
Keitaro TDS Exploitation
Infoblox and Confiant have also reported on the misuse of Keitaro TDS, a system intended for advertising performance tracking. Cybercriminals repurpose it to facilitate malware delivery, cryptocurrency theft, and fraudulent investment schemes.
Over 120 campaigns have leveraged Keitaro for malicious activities, with a significant portion promoting cryptocurrency scams. These scams often use fake endorsements and deepfake videos to lure victims into fraudulent AI-powered investment platforms.
Conclusion and Future Outlook
The widespread exploitation of traffic distribution systems like Keitaro underscores the evolving nature of cyber threats. As these scams become more sophisticated, the importance of robust cybersecurity measures and awareness among users and telecom providers cannot be overstated.
Future efforts will likely focus on enhancing detection and prevention strategies to combat such scams, ensuring the protection of both consumers and telecommunications infrastructure.
