Skip Navigation
Get a Demo
 
Share
 
 
 
 
 
 
 
 
Resources Blog Threat intelligence

Email bombs and fake CAPTCHAs: A social engineering survival guide

Email bombs and fake CAPTCHAs: A social engineering survival guide

Educate yourself and your organization’s users about two increasingly popular social engineering schemes: email bombing and paste and run

Red Canary Intelligence
Originally published . Last modified .

Social engineering is not about hacking computers; it’s about hacking people. It’s a manipulative tactic that exploits human psychology, trust, and digital conditioning to trick individuals into divulging confidential information, granting unauthorized access, or performing actions that compromise security.

This year, Red Canary has consistently observed two social engineering campaigns that adversaries use to gain access into a corporate environment:

Email bombing: a technique that involves flooding a victim’s inbox with spam email followed by a phone scam to trick the victim into providing remote access to their computer.

• Paste and run (aka ClickFix, fakeCAPTCHA): a technique used to fool users into running malicious code by taking advantage of user’s digital conditioning to get past CAPTCHA-style messages or “fix” requests.

We’ve created a free handout for educating your users about what to look for and how to stay ahead of these emerging social engineering trends.

GET THE GUIDE
Our ungated guide includes customizable templates for educating your users about email bombing and paste-and-run campaigns.
Related Articles
 

Intelligence Insights: August 2025

 

Patching for persistence: How DripDropper Linux malware moves through the cloud

 

Intelligence Insights: July 2025

 

Intelligence Insights: June 2025

Subscribe to our blog

 

See Red Canary in action

Watch the 10-minute demo now.
Watch the demo

Security gaps? We got you.

Sign up for our monthly email newsletter for expert insights on MDR, threat intel, and security ops—straight to your inbox.

 
 
 
 
Back to Top