Your business has a contact form on it’s website, right?
It seems like we’re talking about cyber scams a lot at the moment. And now there’s another new trick you need to be aware of.
Cyber criminals are smart. They’re forever coming up with new ways to infiltrate your devices and networks to access your valuable data.
Fortunately, the defence weapons continue to get stronger and stronger to help keep you protected. Some email systems are now especially good at identifying malicious messages and threats.
But if your website has a contact form – and most do – you face a new threat. That’s because cyber criminals are using web forms to spread malware.
They pose as a potential new customer and ask you to provide them with a quote for your goods or services.
Once you email your reply to their request, they’ll send you over a special kind of file – known as an ISO file – which they say is relevant to your conversation.
Crucially, this file won’t be attached to the email. They’ll send it via a file-sharing service, such as WeTransfer. This is to help to avoid your email provider’s protection.
Think about the psychology of what’s happening here. Whoever in your business is managing this conversation thinks they’re talking to a prospective new customer, and is much more likely to open the files without thinking.
The fact the conversation started with a contact form lowers their natural scepticism. They just want the sale!
When you open the file, it will give the cyber criminals remote access to your device. And that can allow them to access your full network. They can then launch a malware or ransomware attack.
The latter is something you want to avoid at all costs. It’s where your data is encrypted so it’s useless to you. And you have to pay a large ransom fee to get it back… with no guarantees the payment will work.
Experts think this form of contact form attack was first tested on large businesses in December 2021. And believe it’s now becoming more popular.
It’s vital that you and your team check requests sent via your website are genuine. And never, ever open any files emailed over unless you trust the source 100%.
If we can help keep your business protected or train your team on the big threats to be aware of, please contact us.
Published with permission from Your Tech Updates.