Infoblox Threat Intel finds global scams turning simple “prove you’re human” pages into costly international text charges for consumers and telecom operators
CAPTCHAs, the simple tests we use to prove we are human, are increasingly being weaponized to trigger actions with hidden costs. Infoblox Threat Intel has uncovered fake CAPTCHA pages that trick users into sending high volumes of international text messages, fuelling a long-running fraud category called international revenue share fraud (IRSF). The result is unexpected charges for consumers and growing, often hidden, revenue leakage for telecom carriers.
The research shows that seemingly everyday web interactions can be turned into billable mobile events without users clearly understanding what they are authorizing. Each small extra charge looks minor on its own, but at scale this behaviour drives meaningful, recurring losses for carriers and a steady stream of complaints and disputes from confused customers.
This type of fraud scheme is not new, but the method is unreported. Utilizing fake CAPTCHAs in this way is a novel attack type for cybercriminals. In these attacks, a user follows the instructions that look like a regular CAPTCHA but in reality, sends international SMS. This results in charges on the victim’s phone bill, with a share of that revenue going to the actor who leases the phone numbers and operates the fake CAPTCHA site.
More than a security issue, this is a financial and reputational problem that erodes margins, damages trust in digital services and invites regulatory scrutiny. Telecom operators, advertisers and online platforms all need better visibility and controls over how simple verification prompts, and one-click flows convert into real-world charges.
“We’ve been tracking malicious use of traffic distribution systems for a while now, but tying them directly to a long-running SMS fraud scheme is new,” said Dr. Renée Burton, VP of Infoblox Threat Intel. “What makes this operation so effective is not just the fake CAPTCHA itself, but the commercial ad and traffic systems wrapped around it. Affiliate-style infrastructure is being repurposed to industrialize phone fraud, while making it very hard for outsiders to see the full picture.”
This research makes one thing clear: the same systems that route users to content can just as easily route money to criminals, and fake CAPTCHA fraud is already exploiting that gap at Internal scale.
Learn more about the technical details in the full blog post here: https://www.infoblox.com/blog/threat-intelligence/hold-the-phone-international-revenue-share-fraud-driven-by-fake-captchas/
–
