A new phishing campaign has been observed in the wild using Captcha boxes to hide a fake Microsoft account login page from secure email gateways (SEGs) Businesses use SEGs to protect against a wide variety of email-based attacks. Captchas are challenge-based methods to determine if the user is human or a bot. They block automated URL analysis from processing the dangerous page. The attackers were after credentials for Microsoft accounts and created a page that mimics the original for selecting an account and logging in.
Source: https://www.bleepingcomputer.com/news/security/microsoft-phishing-page-uses-captcha-to-bypass-automated-detection/