It may seem like all we talk about at the moment is cyber scams, this is because it is the right thing to talk about right now. And now there is another new trick that you need to be aware of.
Cybercriminals are very smart and are forever coming up with new ways to infiltrate your devices and networks to access your valuable data.
Fortunately for us and you, the defence weapons continue to get stronger and stronger to help keep us all protected. Some email systems are now especially good at identifying malicious messages and threats.
But if your website has a contact form – and most do – you face a new threat. That is because cybercriminals are using web forms to spread malware.
How does this work?
They pose as a potential new customer and ask you to provide them with a quote for your goods or services.
Once you email your reply to their request, they will send you over a special kind of file – known as an ISO file – which they say is relevant to your conversation.
Crucially this file won’t be attached to the email but instead will be sent via a file-sharing service such as WeTransfer. This is to avoid your email provider’s protection.
Think about the psychology of what is happening here. Whoever in your business is managing this conversation thinks they are talking to a prospective new customer and is much more likely to open the files without thinking about the potential consequences. The fact that the conversation started with a contact form lowers their natural scepticism. They just want the sale!
When the file is opened, it will give the cybercriminals remote access to your device. This will allow them to access your FULL network. They can then launch a malware or ransomware attack.
The latter is something that you want to avoid at all costs. It is where your data is encrypted so it is useless to you, and you have to pay a large ransom fee to get it back … with no guarantees the payment will work.
Experts believe this form of contact form attack was first tested on a large business in December 2021, with it now becoming more and more popular.
It is vital that you and your team check requests sent via your website are genuine. And never, ever open any files received via email unless you trust the source 100%.
If we can help your business stay protected please contact us.