

Ethical Hacking News

A Global Scam Unfolds: How Fake CAPTCHA Traps Users into International SMS Fraud


A sophisticated international scam is luring unsuspecting users into sending premium rate SMS messages that incur charges on their mobile bills. With its use of fake CAPTCHA verification tricks and malicious traffic distribution systems, this scam highlights the growing threat of revenue share fraud and the need for increased vigilance among consumers and telecom carriers.

  • The scam, attributed to FaiKast, uses social engineering tactics and artificial intelligence to deceive victims into sending premium rate SMS messages.
  • The scam relies on fake CAPTCHA verification tricks to dupe users into sending multiple SMS messages to over 50 international destinations.
  • The operation integrates revenue share fraud and malicious traffic distribution systems (TDSs), highlighting the sophistication of cybercrime operations.
  • The scam has affected phone numbers in 17 countries, including Azerbaijan, Kazakhstan, Poland, Spain, and Turkey, since at least June 2020.
  • The campaign uses back button hijacking and cookies to track victims' progression through the fake verification flow.
  • The operation exploits telecom carriers, with individual victims facing unexpected premium SMS charges on their bills while telecommunication carriers pay revenue share to the perpetrators.
  • The scam is a prime example of international revenue share fraud (IRSF), which relies on modern AI technologies to deceive victims.



    In recent months, a complex and sophisticated scam has emerged, utilizing social engineering tactics and artificial intelligence to deceive unsuspecting victims. The operation, which spans multiple countries and employs a range of malicious techniques, is designed to capture the financial information of its targets through international SMS fraud.

    The scam, attributed to a threat actor known as FaiKast, relies on fake CAPTCHA verification tricks to dupe users into sending premium rate SMS messages that incur charges on their mobile bills. These messages are preconfigured with over a dozen phone numbers, meaning the victim isn't charged for just a single message – they're charged for sending SMSs to over 50 international destinations.

    The scam is particularly noteworthy due to its integration of revenue share fraud and malicious traffic distribution systems (TDSs). The activity uses the infrastructure traditionally responsible for routing traffic to malware or phishing pages to conduct SMS scams at scale. This collaboration between threat actors highlights the increasingly sophisticated nature of cybercrime operations.

    According to Infoblox, a leading cybersecurity firm, the scam has been active since at least June 2020 and has affected phone numbers spanning 17 countries, including Azerbaijan, Kazakhstan, Poland, Spain, and Turkey. The list of phone numbers is thought to be constantly evolving as threat actors continually adapt their tactics to evade detection.

    One of the most striking aspects of this scam is its use of back button hijacking, a novel strategy employed by the scam operators. This technique relies on JavaScript to alter the browsing history such that any attempt made by the site visitor to navigate away from the CAPTCHA page by hitting the browser's back button redirects the user back to the fake page.

    The campaign also makes use of cookies to track progression through the fake verification flow, using values stored in certain cookies to determine the next course of action. Furthermore, the scam operators have been observed registering phone numbers in countries with high termination fees or lax regulations, such as Azerbaijan and Kazakhstan.

    In this complex operation, both individual victims and telecom carriers are exploited at the same time. Individual victims face unexpected premium SMS charges on their bills, while telecommunication carriers pay revenue share to the perpetrators and likely absorb the losses from customer disputes or chargebacks.

    The entire campaign plays out like a multi-stage "verification" chain, with each step triggering a separate SMS message to the server-designated numbers by programmatically launching the SMS apps on both Android and iOS devices with the phone numbers and message content pre-filled. As many as 60 SMS messages are sent to 15 unique numbers after four steps of CAPTCHA, which could end up costing a user $30.
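
    For defenders triaging a suspect page, the two behaviours described above (history manipulation tied to the back button, and pre-filled `sms:` links with several recipients) can be checked statically. The following is an added example, not code from the article or from Infoblox; the function names, finding labels, home-prefix policy and sample page are assumptions constructed for illustration.

```javascript
// Added example: defensive triage of page source. Function names, finding
// labels and the homePrefix policy are illustrative assumptions.

// Parse an RFC 5724 sms: URI into its recipients and pre-filled body.
function parseSmsUri(uri) {
  const m = /^sms:([^?]*)(?:\?(.*))?$/i.exec(uri.trim());
  if (!m) return null;
  const recipients = m[1].split(",")
    .map((r) => r.replace(/[\s\-().]/g, ""))
    .filter((r) => /^\+?\d{3,15}$/.test(r));
  const body = new URLSearchParams(m[2] || "").get("body") || "";
  return { recipients, body };
}

function inspectPage(source, homePrefix) {
  const findings = new Set();
  // Back-button trap indicator: the script injects history entries and also
  // listens for popstate, the event fired when the user presses Back.
  const injectsHistory = /history\.(pushState|replaceState)\s*\(/.test(source);
  const handlesPop = /onpopstate|addEventListener\(\s*["']popstate["']/.test(source);
  if (injectsHistory && handlesPop) findings.add("back-button-trap");

  const recipients = new Set();
  for (const uri of source.match(/sms:[^"'\s<>]+/gi) || []) {
    const parsed = parseSmsUri(uri);
    if (!parsed) continue;
    parsed.recipients.forEach((r) => recipients.add(r));
    if (parsed.recipients.length > 1) findings.add("multi-recipient-sms");
    if (parsed.body) findings.add("prefilled-body");
  }
  // Numbers in international format outside the user's own country code.
  const foreign = [...recipients].filter(
    (r) => r.startsWith("+") && !r.startsWith(homePrefix));
  if (foreign.length > 0) findings.add("international-recipients");
  return { findings: [...findings].sort(), recipients: [...recipients], foreign };
}

// Constructed sample input; +999 numbers are placeholders, not real indicators.
const SAMPLE_PAGE = `
  <script>
    history.pushState(null, "", location.href);
    window.addEventListener("popstate", handler);
  </script>
  <a href="sms:+99900000001,+99900000002?body=VERIFY%201">I'm not a robot</a>`;

console.log(inspectPage(SAMPLE_PAGE, "+1"));
```

    Either indicator alone is common on legitimate sites; it is the combination of a back-button trap with a multi-recipient, pre-filled international SMS link that matches the flow described here.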

    The campaign highlights the growing threat of international revenue share fraud (IRSF), where threat actors illegally acquire international premium rate numbers or number ranges and artificially inflate the volume of international calls or messages to receive a share of the revenue generated from these calls. This operation is particularly noteworthy due to its reliance on modern AI technologies, making it highly convincing for potential victims.

    The discovery of this scam underscores the need for increased vigilance and awareness among consumers and telecom carriers alike. As the threat landscape continues to evolve, cybersecurity professionals must remain vigilant in their pursuit of identifying and mitigating new threats.



    Related Information:
  • https://www.ethicalhackingnews.com/articles/A-Global-Scam-Unfolds-How-Fake-CAPTCHA-Traps-Users-into-International-SMS-Fraud-ehn.shtml

  • https://thehackernews.com/2026/04/fake-captcha-irsf-scam-and-120-keitaro.html

  • https://www.infoblox.com/blog/threat-intelligence/hold-the-phone-international-revenue-share-fraud-driven-by-fake-captchas/

  • https://www.socinvestigation.com/comprehensive-list-of-apt-threat-groups-motives-and-attack-methods/

  • https://attack.mitre.org/groups/


  • Published: Mon Apr 27 04:01:53 2026 by llama3.2 3B Q4_K_M












