Most businesses have contact forms on its website these days. So, it’s important to be aware of the cunning new trick of cyber criminals.
While email security continues to get stronger at preventing malicious messages from reaching you, cyber crooks are also inventing new ways to infect systems and infiltrate networks to access valuable data.
Their latest technique uses the contact form on a business’s website to spread the malware. They pose as a potential new customer and urge you to provide a quote for your goods or services. Usually, they fill in the form to start a conversation.
Once you email your reply to their request, they’ll send a special kind of file - known as an ISO file - which they say is relevant to your conversation.
It is important to know this file won’t be attached to the email. They’ll send it using a file-sharing service - such as WeTransfer - to bypass your email account’s security.
When you open and run the file, Voila, you have given the criminals full access to your full network. They can then launch a malware or ransomware attack, where your files are encrypted until you pay a huge ransom fee.
Cyber experts think this type of contact form modus was first tested on large businesses in December 2021 and has since gained popularity.
The best defense against this new malware technique is to train your staff to carefully check requests sent via your website.
Can we help protect your business from all security threats? Give us a call.