Two weeks ago we wrote about the scam that tricks you into infecting your own computer — the fake error or “prove you’re human” page that helpfully walks you through a few quick steps, where following the steps is the attack. New research just revealed what that scam has grown into behind the curtain, and it is worth an update, because the trick your team learned to spot last month now has a factory behind it.
A security researcher pulled apart several of these operations and analyzed roughly 3,000 live samples from active campaigns, presenting the findings publicly at a security conference in late June. The short version: this is no longer a trick some scammers use. It is an industry, with products, customer service, and an assembly line.
What the researcher found behind the curtain
- An assembly line, not a script. The fake pages are now backed by automated servers that generate a freshly disguised copy of the attack for every single visitor — the same trap, wearing a brand-new costume each time, so no two victims see quite the same thing.
- Built specifically to dodge the scanners. The newest versions restructure how the attack is delivered so that the dangerous part stays out of view of the built-in defenses designed to inspect it — a change aimed squarely at the security tools, not the human.
- Sold as a kit. Ready-made “builders” for this scam are sold criminal-to-criminal, so even low-skill operators can run polished campaigns. The researcher’s blunt verdict: this technique is here to stay.
How big this has become
| 517% | Growth in this attack technique measured by one major security firm over a single year |
| Nearly half | Of the initial break-ins investigated by Microsoft’s expert response teams in a recent year traced back to this one trick |
| ~147,000 | Systems estimated infected by just one campaign wave using the technique |
| 700+ | Legitimate, compromised websites found serving these fake pages to their ordinary visitors |
| Nation-states too | Researchers have tied government-backed hacking groups from multiple countries to campaigns using this same consumer-grade trick |
Why the “fresh disguise for every visitor” detail matters: security software largely works by recognizing things it has seen before. An assembly line that hands every victim a never-before-seen variation is designed to make sure there is nothing to recognize. The disguises are aimed at your software. They do nothing against a human who recognizes the shape of the trick — which is exactly why the human remains the best defense you have.
The good news: the rule didn’t change
Here is what should genuinely reassure you. The criminals rebuilt their entire back office — automated servers, per-victim disguises, evasion tricks, reseller kits — and not one bit of it changes the moment that decides everything. The attack still cannot succeed until a human being follows the instructions on the screen. All the industrial machinery exists to get one person to perform a few “quick steps” from a webpage. Refuse that, and the whole factory produces nothing.
The one rule, unchanged: a legitimate website will never ask you to manually perform steps on your own computer to fix an error or prove you are human. The moment a page gives you a little recipe to carry out — press this, paste that, run this — the recipe itself is the attack. Stop. Close it. Walk away. That rule defeated the hand-made version of this scam last month, and it defeats the industrialized version today.
What this means for your team
The industrialization of this scam tells you two things about the people on the other side. First, it is working — criminals do not build factories for tricks that fail. Second, they are betting that businesses will keep relying on software alone to catch it, because the entire production line is engineered to beat software. The countermeasure they cannot engineer around is a workforce where every person — not just the tech-savvy ones — has internalized the rule above. That takes one focused, plain-language training session, built around the real fake pages your team will actually encounter. The criminals have scaled up their side of this fight. Scaling up yours is a lot cheaper, and it only has to happen once.
Sources: The Hacker News; independent researcher findings presented at OrangeCon; ESET; Microsoft Digital Defense Report, June-July 2026.













