It has been reported that hackers have been using CAPTCHA verification tests to get around automated spam scanners and trick them into letting their phishing emails through, hiding hide malicious links in HTML files. This technique has been used before and the advice is to not open or click on links in any unsolicited and suspicious-looking emails.