Hackers are using CAPTCHA techniques to scam email users

Quantity continues to beat quality in email attacks.

More email users fell for scams using CAPTCHA technology in 2020, a new report from security firm Proofpoint shows.

The technique, which uses a visual puzzle to help authenticate human behavior, received 50 times as many clicks in 2020 compared to 2019. That’s still only a 5% overall response rate, researchers note. Comparatively, one in five users clicked attachment-based emails with malware disguised as Microsoft PowerPoints or Excel spreadsheets. Campaigns using attachments to hide malware made up one in four of the attacks researchers at Proofpoint monitored.

“Attackers don’t hack in, they log in, and people continue to be the most critical factor in today’s cyber attacks,” Ryan Kalember, executive vice president of cybersecurity strategy at Proofpoint, said in a statement.

Researchers found that quantity continues to beat quality in email attacks. Proofpoint found that the highest number of clicks came from a threat actor linked to the Emotet botnet. “This total reflects their effectiveness and the sheer volume of emails they sent in each campaign,” the report notes.


The group, whose infrastructure was knocked out by international law enforcement earlier this year, has gone virtually dormant since.

Cybersecurity researchers also say that companies shouldn’t underestimate basic cyber hygiene in combatting ransomware. Hackers are increasingly turning to email to distribute initial malware that’s used later to download ransomware rather than using email as the initial attack vector. In 2020, Proofpoint detected 48 million emails that contained malware that was used to launch ransomware. Top threats detected by Proofpoint included names like The Trick, Dridex and Qbot.

Concerns over ransomware have only skyrocketed in 2021 after a series of high-profile attacks against critical industries in the United States. In the first half of the year the United States dealt with major ransomware attacks against IT firm Kaseya, meat supplier JBS and fuel provider Colonial Pipeline.

Accenture Security detected a more than 125% increase in the first half of 2021, according to a report also released Wednesday. The growth was largely driven by a booming ransomware industry. Ransomware dominated 38% of the incident types detected by Accenture. REvil, the Russia-based group behind the Kaseya attack, was behind a quarter of those ransomware attacks. The group went dark last month and has likely rebranded under a new name.


Written by Tonya Riley

Tonya Riley covers privacy, surveillance and cryptocurrency for CyberScoop News. She previously wrote the Cybersecurity 202 newsletter for The Washington Post and before that worked as a fellow at Mother Jones magazine. Her work has appeared in Wired, CNBC, Esquire and other outlets. She received a BA in history from Brown University. You can reach Tonya with sensitive tips on Signal at 202-643-0931. PR pitches to Signal will be ignored and should be sent via email.
