Contact Form Fraud

Cybercriminals are always devising new ways to steal your information and attack your network.

In a recent scam, cybercriminals use contact forms to bypass email filters and install malware.

In this scam, a cybercriminal pretends to be a potential client who wants to request a quote. To request a quote, the cybercriminal submits a contact form on an organization's website. In the form, the cybercriminal may spoof a legitimate domain to appear more reputable.

Inevitably, an employee from the organization will reply back to the quote request. Since the employee seems to be initiating contact with a potential client, most email filters won't flag the reply. The cybercriminal will then use a file-sharing service to send a malware-infected file back to the employee. If the employee opens the file, the malware can infect their computer and allow the cybercriminal to access their organization’s entire network.

Don’t fall for this type of scam! Follow the tips below to stay safe:

• When you receive an email, stop and look for red flags. For example, watch out for emails that were sent outside of business hours and emails that contain multiple spelling or grammatical errors.
• Watch out for fake attachments shared using a file-sharing service. Cybercriminals can use file-sharing services to bypass antivirus software.

Even if an email seems to come from a legitimate sender, remain cautious. Remember, cybercriminals can spoof domains. If you need to verify that an email is legitimate, try reaching out to the sender directly through phone call or text message.