CAPTCHAs, the simple tests we use to prove we are human,
are increasingly being weaponised to trigger actions with
hidden costs. Infoblox Threat Intel has uncovered fake
CAPTCHA pages that trick users into sending high volumes of
international text messages, fuelling a long-running fraud
category called international revenue share fraud (IRSF).
The result is unexpected charges for consumers and growing,
often hidden, revenue leakage for telecom
carriers.
Renée Burton, VP of Infoblox Threat Intel
(Photo/Supplied)
The research
shows that seemingly everyday web interactions can be turned
into billable mobile events without users clearly
understanding what they are authorising. Each small extra
charge looks minor on its own, but at scale this behaviour
drives meaningful, recurring losses for carriers and a
steady stream of complaints and disputes from confused
customers.
This type of fraud scheme is not new, but
the method is unreported. Utilising fake CAPTCHAs in this
way is a novel attack type for cybercriminals. In these
attacks, a user follows the instructions that look like a
regular CAPTCHA but in reality, sends international SMS.
This results in charges on the victim’s phone bill, with a
share of that revenue going to the actor who leases the
phone numbers and operates the fake CAPTCHA site.
More
than a security issue, this is a financial and reputational
problem that erodes margins, damages trust in digital
services and invites regulatory scrutiny. Telecom operators,
advertisers and online platforms all need better visibility
and controls over how simple verification prompts, and
one-click flows convert into real-world
charges.
Advertisement – scroll to continue reading
“We’ve been tracking malicious use of
traffic distribution systems for a while now, but tying them
directly to a long-running SMS fraud scheme is new,” said
Dr. Renée Burton, VP of Infoblox Threat Intel. “What
makes this operation so effective is not just the fake
CAPTCHA itself, but the commercial ad and traffic systems
wrapped around it. Affiliate-style infrastructure is being
repurposed to industrialize phone fraud, while making it
very hard for outsiders to see the full
picture.”
This research makes one thing clear: the
same systems that route users to content can just as easily
route money to criminals, and fake CAPTCHA fraud is already
exploiting that gap at scale. Learn more about the technical
details in the full blog post here: https://www.infoblox.com/blog/threat-intelligence/hold-the-phone-international-revenue-share-fraud-driven-by-fake-captchas/
About
Infoblox Threat Intel
Infoblox Threat Intel is the
leading creator of original DNS threat intelligence,
distinguishing itself in a sea of aggregators. What sets us
apart? Two things: mad DNS skills and unparalleled
visibility. DNS is notoriously tricky to interpret and hunt
from, but our deep understanding and unique access to the
internet’s inner workings allows us to track down threat
actors that others can’t see. We’re proactive, not just
defensive, using our insights to disrupt cybercrime where it
begins. We also believe in sharing knowledge to support the
broader security community by publishing detailed research
and releasing indicators on GitHub. In addition, our intel
is seamlessly integrated into our Infoblox DNS Detection and
Response solutions, so customers automatically get its
benefits, along with ridiculously low false positive
rates.
About Infoblox
Infoblox unites
networking, security and cloud with a protective DDI
platform that delivers enterprise resilience and agility.
Trusted by Fortune 100 companies and emerging innovators, we
seamlessly integrate, secure and automate critical network
services so businesses can move fast without compromise. Our
DDI (DNS, DHCP and IP address management) solutions deliver
unmatched performance and control across hybrid, multi-cloud
environments, while our security solutions stop threats at
the DNS layer, providing preemptive protection everywhere.
The result? A smarter, more secure platform—built for the
way organizations work today and ready for what’s next.
Visit infoblox.com,
or follow us on LinkedIn.