'Unfortunately, it needs to be said: Do not send a text to confirm you are human': Experts reveal how fake CAPTCHAs are driving a global SMS scam campaign
Date:
Mon, 27 Apr 2026 17:35:00 +0000
Description:
CAPTCHAs asking you to send an SMS are actually a scam that can cost you big time.
FULL STORY ======================================================================
- Infoblox researchers expose long-running CAPTCHA scam that tricks victims into sending costly international SMS messages
- Victims can unknowingly send dozens of texts, incurring charges while attackers profit through telecom revenue sharing
- The defense is simple: never send a text message to prove you are human
Fake CAPTCHAs are not just about copying and pasting links to malware - they can also be about sending an SMS to an international number and being charged a whole lot for the privilege.
Security researchers from Infoblox recently published an in-depth report about an underreported type of CAPTCHA scam. This particular campaign has been active since at least June 2020 and has been tricking people into sending SMS messages through social engineering and browser back button hijacking. During their research, they found 35 phone numbers in 17 different countries.
Multiple SMS messages
"The fake CAPTCHA has multiple steps, and each message crafted by the site is preconfigured with over a dozen phone numbers, meaning the victim isn't charged for just a single message - they're charged for sending SMSs to over 50 international destinations," researchers David Brunsdon and Darby Wise wrote in their report.
One of the reasons why this sort of scam hasn't been that widely reported is likely delayed billing, they added. International SMS charges only become a problem a few weeks later, when the bill arrives, and by then, the experience with the fake CAPTCHA has been long forgotten.
Malicious traffic distribution systems (TDS), which redirect the victim to these landing pages, are another vital part of the effort.
Here is how it works: a commercial TDS redirects a victim to a malicious website that requires the person to confirm they are human by sending an SMS. When the victim taps the button, the page uses built-in mobile features to open the SMS app with the number and message already filled in. The numbers are leased by the attackers.
The process then continues, and each subsequent step asks for another confirmation, triggering multiple SMS messages to different numbers. In the process, the victims may end up sending as many as 60 SMS messages to 15 different numbers, racking up expenses of up to $30. It may not sound like much, but this is a game of large numbers - with thousands of users falling victim, the figures quickly add up.
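A defender-side check for the pattern described above, as an added example that is not from the article or from Infoblox's report: it scans page HTML for `sms:` links (the standard URI scheme that mobile browsers hand to the messaging app) and flags those that pre-fill a message to several international numbers. The sample page, the `+999` placeholder numbers, the function names and the `homePrefix` default are all constructed assumptions.

```javascript
// Added example: audit page HTML for sms: links that pre-fill recipients and a body.
const SMS_URI = /\bsms(?:to)?:([^"'\s<>]+)/gi;
const decode = (s) => { try { return decodeURIComponent(s); } catch { return s; } };

// Constructed sample page; the +999 numbers are placeholders, not real indicators.
const SAMPLE_PAGE = `
<p>Confirm you are human</p>
<a href="sms:+99900000001,+99900000002,+99900000003?body=VERIFY%201234">I'm not a robot</a>
<a href="sms:+15555550100">Text support</a>`;

// homePrefix is an assumption: the reviewer's own country calling code.
// Any recipient in +E.164 form outside it is counted as international.
function inspectSmsLinks(html, homePrefix = "+1") {
  const findings = [];
  for (const m of html.replace(/&amp;/g, "&").matchAll(SMS_URI)) {
    // Platforms differ on the separator before body= (?, & or ;), so split on all three.
    const [recipientPart, ...params] = m[1].split(/[?&;]/);
    const recipients = decode(recipientPart)
      .split(",").map((r) => r.replace(/[^\d+]/g, "")).filter(Boolean);
    if (recipients.length === 0) continue; // "sms:" in plain text, not a usable link
    const prefilledBody = params.some((p) => /^body=/i.test(p));
    const international = recipients.filter(
      (r) => r.startsWith("+") && !r.startsWith(homePrefix));
    const reasons = [];
    if (recipients.length > 1) reasons.push(`${recipients.length} recipients in one message`);
    if (prefilledBody) reasons.push("message body pre-filled");
    if (international.length) reasons.push(`${international.length} international numbers`);
    findings.push({ uri: m[0], recipients, international, prefilledBody, reasons });
  }
  return findings;
}

// The lure shape from the article: one tap, pre-filled text, several numbers abroad.
function isPremiumSmsLure(f) {
  return f.prefilledBody && f.recipients.length > 1 && f.international.length > 0;
}

console.log(inspectSmsLinks(SAMPLE_PAGE).filter(isPremiumSmsLure));
```

A single-recipient link with no body, like the support link in the sample, is reported but not classed as a lure.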
The victims in this campaign are both the end users and the telecoms, Infoblox concluded. Users are victims for obvious reasons; telecoms lose by paying revenue share to the perpetrators, as well as by sorting out chargebacks and customer refund requests.
Defending against the scam is simple, however. "Unfortunately, it needs to be said," Infoblox stressed. "Do not send a text to confirm you are human."
======================================================================
Link to news story:
https://www.techradar.com/pro/security/unfortunately-it-needs-to-be-said-do-not-send-a-text-to-confirm-you-are-human-experts-reveal-how-fake-captchas-are-driving-a-global-sms-scam-campaign
--- Mystic BBS v1.12 A49 (Linux/64)
* Origin: tqwNet Technology News (1337:1/100)