Contact Form Scam

Cybercriminals are using contact us forms in their latest scams.

Cybercriminals are always trying to come up with new ways to trick people into sending them their sensitive information. To bypass email filters, cybercriminals have now created a scam that uses contact forms to install malware.

Many companies have a contact form on their websites for people to request quotes, shop or submit an inquiry. When filing out the form a cybercriminal can spoof the form by filling out a domain that appears to look more reputable.

Once a form is submitted many companies have an employee reply back to quote requests. Since an employee is replying back an email filter won’t always flag a reply. In this scam, the cybercriminal will send an email back including a malware infected file. If the employee opens the file, the malware will infect the employee’s computer and the cybercriminal can gain access to the company’s network.



  • Always remain cautious of random emails. Even if it looks like it is coming from a legitimate place, remember cybercriminals can spoof domains. If you want to verify if it is legitimate, try reach out to the sender by phone.
  • Whenever you receive an email, make sure you stop and look for red flags! Some red flags are grammatical errors, misspellings and weird phrasing.
  • Be very cautious of fake attachments. Cybercriminals use file-sharing services to bypass antivirus software.

Learn more tips like this and train your employees with our Security Awareness Training Program.