A recent investigation by researchers has revealed a deceptive campaign that exploits fake CAPTCHA pages to trick mobile users into incurring hefty international SMS charges. This scam, known as International Revenue Share Fraud (IRSF), takes advantage of the complex pricing structures of international calls and SMS traffic to generate revenue for cybercriminals without the need to install malware on the victim's device.
The scam operates by luring victims through malvertising or redirects from typosquatted telecom domains to a page mimicking a CAPTCHA. Instead of verifying the user as human, the page prompts them to send prefilled SMS messages to multiple international numbers. These numbers are strategically chosen from countries with high termination fees, such as Azerbaijan, Myanmar, and Egypt, resulting in significant charges on the victim’s phone bill.
To keep victims trapped, the scam uses JavaScript back-button hijacking, which prevents users from easily leaving the page. The campaign is further supported by a Click2SMS-style affiliate network that promotes the scam as a monetization strategy for dubious publishers, defrauding both individuals and telecom carriers.
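For defenders triaging a reported page, the two behaviours described above (prefilled SMS prompts to international numbers and a back-button trap) can be checked for in the page source. The following is an added example, not code from the cited research. It assumes the lure pre-fills messages through `sms:` URIs and traps navigation through the History API; the function names, the heuristics and the sample page are constructed for illustration.

```javascript
// Added example: static triage of page source for the behaviours described above.
// Assumption: the lure pre-fills messages through sms: URIs (RFC 5724).
// Calling codes of the countries the article names; extend as needed.
const WATCHED_PREFIXES = { "994": "Azerbaijan", "95": "Myanmar", "20": "Egypt" };

// Return every sms: link with its recipients and whether a body is pre-filled.
function findSmsLinks(html) {
  const re = /\bsms(?:to)?:([^"'\s<>?]*)(\?[^"'\s<>]*)?/gi;
  return [...html.matchAll(re)].map((m) => ({
    recipients: m[1].replace(/%2b/gi, "+").split(/[,;]/)
      .map((n) => n.replace(/[^\d+]/g, "")).filter(Boolean),
    hasBody: /[?&](?:amp;)?body=[^&"']+/i.test(m[2] || ""),
  }));
}

// Map a number in international format (+ or 00 prefix) to a destination label.
function destinationOf(number) {
  const digits = number.replace(/^\+|^00/, "");
  if (digits === number) return null; // national format, nothing to flag
  const hit = Object.keys(WATCHED_PREFIXES).find((p) => digits.startsWith(p));
  return hit ? WATCHED_PREFIXES[hit] : "other international";
}

// Heuristic: history entries are pushed and navigation back is intercepted.
function hasBackButtonTrap(html) {
  return /history\.(?:pushState|replaceState)\s*\(/.test(html) &&
    /["']popstate["']|onpopstate\s*=/.test(html);
}

function triagePage(html) {
  const links = findSmsLinks(html);
  const dests = new Set(links.flatMap((l) => l.recipients.map(destinationOf)).filter(Boolean));
  const reasons = [];
  if (links.some((l) => l.hasBody)) reasons.push("prefilled-sms");
  if (dests.size > 0) reasons.push("international-recipient");
  if (links.length && /captcha|not a robot/i.test(html)) reasons.push("captcha-asks-for-sms");
  if (hasBackButtonTrap(html)) reasons.push("back-button-trap");
  return { reasons, destinations: [...dests].sort(), suspicious: reasons.length >= 2 };
}

// Constructed sample input (placeholder numbers, not taken from the campaign).
const SAMPLE_LURE = `<h1>Verify you are not a robot</h1>
<a href="sms:+994000000000,+95000000000?body=VERIFY">Step 1</a>
<a href="sms:+20000000000?body=VERIFY">Step 2</a>
<script>history.pushState(null, "", location.href);
window.addEventListener("popstate", keepHere);</script>`;

console.log(triagePage(SAMPLE_LURE));
```

A page is marked suspicious only when at least two signals coincide, so an ordinary "text us" link on a site that also embeds a real CAPTCHA is not flagged.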
The impact on victims includes unexpected premium SMS charges and difficulties in tracing the source of these charges. Telecom carriers also suffer financial losses due to revenue-sharing agreements with the perpetrators and potential chargebacks from customer disputes.
To protect against such scams, users should never send SMS messages to verify CAPTCHAs, as legitimate CAPTCHAs do not require such actions. Regularly reviewing mobile bills for unfamiliar charges and disputing them promptly is advised. Additionally, users can enhance their security by using mobile protection apps that block known malicious sites associated with these scams.
Source: https://www.malwarebytes.com/blog/news/2026/04/fake-captcha-scam-turns-a-quick-click-into-a-costly-phone-bill



