Hold the Phone! International Revenue Share Fraud Driven by Fake CAPTCHAs

ID: a1f432a2-e89b-5f47-9ba6-baad32c94217

STIX ID: report--a1f432a2-e89b-5f47-9ba6-baad32c94217

Feed Name: Infoblox Threat Intel Blog

Threat Score: 65/100

Date Published: 2026-04-23

Date Updated: 2026-04-28

Author: Infoblox Threat Intel

This report documents an ongoing international fraud campaign (active since at least June 2020) that weaponizes fake CAPTCHA pages to coerce victims into sending multiple pre-populated international SMS messages, a form of International Revenue Share Fraud (IRSF). The campaign leverages Traffic Distribution Systems (TDS), affiliate tracking, and back-button hijacking to maximize scale and evade detection. The research includes technical flow details, cookie and DNS analysis, two tiers of phone-number lists across 17 countries, domain indicators, and reproducible fetch examples.