216.73.216.197

Hold the Phone! International Revenue Share Fraud Driven by Fake CAPTCHAs

· Published 23/04/2026 21:25 · Modified 27/04/2026 14:39

Export JSON

Essential information

Published
23/04/2026 21:25
Modified
27/04/2026 14:39
Source / Author
AlienVault
Confidence
100/100
Report type(s)
threat-report
Labels / Tags
click2sms fake captcha irsf sms fraud social engineering tds
Tags
2026-04-23 click2sms fake captcha irsf sms fraud social engineering tds
Related entities
23 indicators, 23 observables, 20 techniques (mitre), 40 others

Description

Threat actors are leveraging pages to trick victims into sending premium SMS messages as part of an international revenue share fraud () scheme. Operating since at least June 2020, this campaign uses traffic distribution systems and to direct users through multi-stage fake verifications requiring SMS messages to international phone numbers across 17 countries with high termination fees. Each CAPTCHA step triggers messages to over a dozen destinations, generating over 60 SMS messages per victim costing approximately $30. The operation employs back button hijacking, sophisticated tracking cookies, and affiliate advertising networks to maximize reach while obscuring the fraud from detection. Both individual victims and telecommunication carriers suffer financial losses through this deceptive scheme.

External references