What the Hack? How To Prevent Cyber Attacks from Website Contact Forms

by | Aug 2, 2022 | Cyber Liability Insurance

We’re constantly talking about cyber frauds these days. And now, there’s another new method to be aware of. Cybercriminals are clever. They’re always coming up with new tactics to get access to your valuable information through your devices and networks.

Fortunately, security measures have improved over time, allowing you to stay safe. Some email systems are now incredibly effective in identifying harmful communications and threats.

If security has improved, how are these threats still getting through?

If your website has a contact form – as most do – you are now exposed to a new hazard. That’s because Cybercriminals can utilize online forms to share malware. They fill out a contact form pretending to be a prospective client and request you provide them with a quote for your item or service. Once you respond to their request, they’ll send you an ISO file.

Typically, this will not be attached to the email. They’ll send it over via a file-sharing platform like WeTransfer to avoid your email provider’s filtering. (Only open an email from WeTransfer, or similar platforms, if you are expecting it!)

It’s 2022, how are people still letting this happen to them?

web form on desktop computer

Experts believe this type of contact form assault was first used on large corporations in December 2021. And it’s becoming increasingly popular. So it’s critical that you and your team double-check all orders/correspondence placed through your website to ensure they’re legitimate. And, never, ever, under any circumstances, open a file sent to you via email unless you are certain of its origin.

How can businesses protect themselves in the future?

Email scams are nothing new, but the latest ransomware scam that is making the rounds is a little more sophisticated than your average phishing attempt. This scam takes advantage of people’s trust in website contact forms by using an automated process to send out emails with infected attachments to as many potential victims as possible.

If you receive an email from a file-sharing platform that you weren’t expecting, be sure to verify the legitimacy of the sender before opening any attachments. And if you’re a small business, it’s important to have both a Cyber Insurance policy as well as mitigation efforts in place in case of an attack.