A newly uncovered cyber scam is leveraging fake CAPTCHA pages to covertly trigger numerous international SMS messages from unsuspecting users’ phones, resulting in unexpected charges. This seemingly routine online activity has become a costly trap for many.
How Fake CAPTCHAs Exploit Users
The prevalence of CAPTCHAs on websites has led to users interacting with them almost automatically, whether it involves clicking images of traffic lights or solving simple puzzles. Cybercriminals have capitalized on this habitual behavior by crafting scams that manipulate users into unintentionally engaging in activities that incur charges.
This particular scheme is identified as an International Revenue Share Fraud (IRSF) campaign, commonly referred to as SMS pumping fraud. It works by increasing the volume of SMS messages sent to international destinations with high termination fees, sharing a portion of those fees with the attackers through telecom billing agreements.
The Mechanics Behind the Scam
Malwarebytes analyst Pieter Arntz highlights that this fraudulent activity targets average mobile users surfing the internet. Unlike other scams, this one doesn’t rely on malware or compromising devices. Instead, it manipulates telecom billing systems and affiliate networks to transform ordinary web traffic into premium SMS revenue for the perpetrators.
Users typically encounter these fake CAPTCHA pages through malvertising or Traffic Distribution System (TDS) redirects, often originating from typosquatted domains resembling legitimate telecom websites. The fake CAPTCHA prompts users to continue, leading to their phones sending pre-filled SMS messages to multiple international numbers known for high fees.
Preventive Measures and Awareness
To protect against such fraud, it’s crucial to never send SMS messages to verify identity online. Legitimate CAPTCHA systems function within the browser, without accessing your SMS or phone dialer app. Regularly reviewing your mobile bill for unfamiliar international SMS charges is also advisable, and any suspicious fees should be disputed with your carrier promptly.
Blocking international or premium SMS services on your account can further safeguard you if these services are unnecessary. Additionally, users should be wary of suspicious domains linked to this scam, such as sweeffg[.]online and megaplaylive[.]com.
This scam underlines the importance of vigilance in digital interactions. As cyber threats evolve, staying informed and cautious can help mitigate potential financial losses.
