Fake CAPTCHA scam activity is rising globally, as new research reveals how simple verification pages are being weaponized to trigger costly mobile charges.

Infoblox Threat Intel has identified a scheme where fake CAPTCHA pages trick users into sending large volumes of international text messages. As a result, this fuels a long-running fraud category known as international revenue share fraud (IRSF). Consequently, consumers face unexpected charges, while telecom operators experience hidden revenue leakage.

CAPTCHAs are typically used to confirm that a user is human. However, attackers are now exploiting this familiar process. Instead, users unknowingly authorize actions that generate billable SMS traffic. Therefore, what appears to be a routine step can result in real financial impact.

Moreover, the research highlights how everyday web interactions are being converted into mobile billing events. Each individual charge may seem small. Yet, at scale, these transactions lead to recurring losses for telecom carriers. In addition, customers often file complaints and disputes due to unclear charges.

Although IRSF itself is not new, the use of fake CAPTCHA pages represents a previously unreported method. In these attacks, users follow instructions that resemble legitimate CAPTCHA prompts. However, these actions actually send international SMS messages. As a result, victims are billed, while a portion of the revenue is shared with the fraud operators who control the phone numbers and infrastructure.

Furthermore, the issue extends beyond cybersecurity. It has become a financial and reputational concern. Telecom operators, advertisers, and online platforms face increased pressure to improve visibility and controls. This is especially important in tracking how simple verification steps translate into real-world charges.

Dr. Renée Burton, VP of Threat Intel at Infoblox, said the company has been monitoring malicious traffic distribution systems for some time. However, linking them directly to SMS fraud schemes is a new development. She added that the effectiveness of the operation lies not only in the fake CAPTCHA, but also in the surrounding commercial ad and traffic systems. These systems, often used in affiliate marketing, are now being repurposed to scale phone fraud while obscuring its full scope.

Finally, the findings indicate that systems designed to route users to content can also be exploited to redirect money to cybercriminals. As a result, the Fake CAPTCHA scam is emerging as a significant threat at scale, impacting both consumers and telecom providers.

Related post

View all