Research from Infoblox reveals a massive Click2SMS fraud scheme using fake CAPTCHAs and back button hijacking to trick victims into sending costly international texts.

Network security firm Infoblox has disclosed details on a long-running fraud operation that has been quietly draining bank accounts since at least June 2020. This scam uses fake CAPTCHA pages to carry out a specific type of cybercrime known as International Revenue Share Fraud, or IRSF.

While most people see CAPTCHA as a boring but necessary way to prove they are human, the scammers behind this campaign have converted this process into a profit-making tool by tricking users into sending high-cost international text messages.

The Attack Chain

According to cybersecurity researchers at Infoblox Threat Intelligence, the attack begins when a person accidentally visits a typosquatted domain. These are lookalike addresses designed to mimic famous telecommunications brands. When the user lands on the wrong page, they are forced towards a complex Traffic Distribution System (TDS).

In a recent observation from March 2026, researchers tracked this path as it moved through several ...