SMS Scam Tricks: How Bad Guys Make Money From Your Phone Bill

Cyber‑security experts have uncovered a sophisticated scheme that forces unsuspecting users to send multiple SMS messages abroad, generating revenue for scammers through telecom termination fees.

How the Scam Works

1. Fake CAPTCHA Prompt
   A web page displays a counterfeit “I am not a robot” test that instructs users to send an SMS to confirm they are human.

2. Automatic Messaging
   The page automatically opens the device’s messaging app and pre‑fills a short message.

3. Mass Texting
   After four steps, up to 60 texts are dispatched across 17 countries, each targeting a different phone line.

4. Hidden Costs
   Victims are charged between a few cents and $30 per message, often unnoticed until weeks later.

The Financial Engine

• Premium Numbers: Telecom operators pay extra fees for calls originating from overseas premium numbers.
• Scammer Strategy: Fraudsters acquire or hijack these high‑cost numbers, then split the termination charges for profit.

Secondary Threat: Keitaro Misuse

• Traffic‑Shuffling: Attackers repurpose the legitimate tool Keitaro to mask malicious links, crypto‑theft sites, and fake investment offers.
• Campaign Scale: Between October 2025 and January 2026, over 120 campaigns used Keitaro, generating nearly a quarter‑million DNS queries to concealed destinations.

Common Tactics

• Tracking Cookies: Keep users anchored on the deceptive page.
• JavaScript Tricks: Redirect victims to new scams or prevent exit.

Why Victims Miss It

Charges appear on bills weeks after the messages are sent, making it difficult for users to report fraud or obtain refunds.