Contact Form Scam

Cybercriminals are always trying to come up with new ways to trick people into sending them their sensitive information. To bypass email filters, cybercriminals have now created a scam that uses contact forms to install malware.

Many companies have a contact form on their websites for people to request quotes, shop or submit an inquiry. When filing out the form a cybercriminal can spoof the form by filling out a domain that appears to look more reputable.

Once a form is submitted many companies have an employee reply back to quote requests. Since an employee is replying back an email filter won’t always flag a reply. In this scam, the cybercriminal will send an email back including a malware infected file. If the employee opens the file, the malware will infect the employee’s computer and the cybercriminal can gain access to the company’s network.

Tips:

• Always remain cautious of random emails. Even if it looks like it is coming from a legitimate place, remember cybercriminals can spoof domains. If you want to verify if it is legitimate, try reach out to the sender by phone.
• Whenever you receive an email, make sure you stop and look for red flags! Some red flags are grammatical errors, misspellings and weird phrasing.
• Be very cautious of fake attachments. Cybercriminals use file-sharing services to bypass antivirus software.

Learn more tips like this and train your employees with our Security Awareness Training Program.

‍