Cybercriminals have devised a new method to exploit fake CAPTCHA pages, turning these routine security checks into a tool for international SMS fraud. This scheme involves tricking users into participating in international revenue share fraud, a type of scam where attackers profit from inflated phone charges. The fraudulent activity is masked behind seemingly legitimate CAPTCHA requests, which users encounter during their online activities.
The attackers set up lookalike and scam domains that mimic legitimate websites. These domains are part of a traffic distribution system (TDS) that eventually leads victims to a fake CAPTCHA page. Once users interact with these pages, they unknowingly become part of the fraud scheme. The process is designed to be seamless, making it difficult for users to detect the scam until they notice unusual charges on their phone bills.
Technically, the scam operates by redirecting users through a series of web pages that culminate in the fake CAPTCHA. This redirection is orchestrated by the TDS, which is a network of compromised or malicious websites designed to funnel traffic to the scam pages. The fake CAPTCHA pages are crafted to look convincing, often indistinguishable from legitimate ones, which increases the likelihood of users falling victim to the scam.
The impact of this scam is significant, as it can lead to unexpected charges on victims’ phone bills due to the international revenue share fraud mechanism. This type of fraud not only affects individual users but can also have broader implications for telecom companies and service providers, who may face increased customer complaints and potential financial losses.
To mitigate the risk of falling victim to this scam, users should exercise caution when encountering CAPTCHA requests, especially on unfamiliar websites. It is advisable to verify the legitimacy of a website before entering any personal information. Additionally, users should regularly monitor their phone bills for any unusual charges and report suspicious activity to their service providers immediately.
Source: https://www.infoblox.com/blog/threat-intelligence/hold-the-phone-international-revenue-share-fraud-driven-by-fake-captchas/