Kingston Police issue warning about possible contact form fraud

Cybercriminals are always devising new ways to steal your information and attack your network. In a media release, Kingston Police outlined a recent scam in which cybercriminals use contact forms to bypass email filters and install malware.

In this scam, Kingston Police said that a cybercriminal pretends to be a potential client who wants to request a quote. To request that quote, police said that the cybercriminal submits a contact form on an organization’s website. In the form, the cybercriminal may spoof a legitimate domain to appear more reputable.

“Inevitably, an employee from the organization will reply back to the quote request,” police said. “Since the employee seems to be initiating contact with a potential client, most email filters won’t flag the reply. The cybercriminal will then use a file-sharing service to send a malware-infected file back to the employee. If the employee opens the file, the malware can infect their computer and allow the cybercriminal to access their organization’s entire network.”

Police provided the tips below to help everyone stay safe:

  • When you receive an email, stop and look for red flags. For example, watch out for emails that were sent outside of business hours and emails that contain multiple spelling or grammatical errors.
  • Watch out for fake attachments shared using a file-sharing service. Cybercriminals can use file-sharing services to bypass antivirus software.
  • Even if an email seems to come from a legitimate sender, remain cautious. Remember, cybercriminals can spoof domains. If you need to verify that an email is legitimate, try reaching out to the sender directly through phone call or text message.

Leave a Reply

You cannot copy content from this page, please share the link instead!