Is your website being used against you? In a recent scam, cybercriminals use contact forms on organizations’ websites to install malware.
Cybercriminals are always devising new ways to steal your information and attack your network. In a recent scam, cybercriminals use contact forms to bypass email filters and install malware.
In this scam, a cybercriminal pretends to be a potential client who wants to request a quote. To request a quote, the cybercriminal submits a contact form on an organization’s website. In the form, the cybercriminal may spoof a legitimate domain to appear more reputable.
Inevitably, an employee from the organization will reply back to the quote request. Since the employee seems to be initiating contact with a potential client, most email filters won’t flag the reply. The cybercriminal will then use a file-sharing service to send a malware-infected file back to the employee. If the employee opens the file, the malware can infect their computer and allow the cybercriminal to access their organization’s entire network.
Don’t fall for this type of scam! Follow the tips below to stay safe:
- When you receive an email, stop and look for red flags. For example, watch out for emails that were sent outside of business hours and emails that contain multiple spelling or grammatical errors.
- Watch out for fake attachments shared using a file-sharing service. Cybercriminals can use file-sharing services to bypass antivirus software.
- Even if an email seems to come from a legitimate sender, remain cautious. Remember, cybercriminals can spoof domains. If you need to verify that an email is legitimate, try reaching out to the sender directly through phone call or text message.
Stop, Look, and Think. Don’t be fooled.
KnowBe4 is the world’s most popular integrated platform for awareness training combined with simulated phishing attacks. Let Keller Schroeder show you how KnowBe4 has helped thousands of organizations just like yours manage the continuing problem of social engineering. Contact us today to learn more.
DISCLAIMER : Any non-technical views expressed are not necessarily those of Keller Schroeder or its employee-owners.