Continuing our series on how to spot scam/phishing emails and text messages, we bring you the latest on how hackers will use your Contact Us page or other webforms on your website to potentially bypass your security protections. It's important that you and your team members can identify scam ‘Contact Us’ or webform messages that will be trying either to get you to install malicious software on your mobile phone or computer, or to get you to enter your usernames and passwords on fake logon websites.

The following example was one that was entered on our website earlier this week, so I thought I’d share it with you to give you more of an idea of what to look for. In an attempt to find out what language it was written in, I put it into Google Translate, but it couldn’t translate the text.

The messages use our brain’s weaknesses against us, in this case our curious nature. They are trying to get you to browse to the link, or to click on the link if your Contact Us page just sends you an email. It’s not uncommon for exclusions to be put in place in spam filters to allow these Contact Us emails to be received without any issues; after all, obviously, you want to know if someone is wanting to do business with you.

Naturally, you wouldn’t fall victim, but it never hurts to refresh your memory on some telltale signs to be on the lookout for:

  • The Contact Us message comes from an unknown source which you can’t verify
  • The link uses a shortening service to hide the end destination, making it harder to identify where it’s going to send you and making you more curious about finding out what it is
  • The message plays on your curiosity about what it says, then gives you the impression that the only way you’ll find out is to click the link
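Because Contact Us emails are often excluded from spam filtering, the shortened-link sign can be checked in the webform handler itself before the message is forwarded to staff. The sketch below is an added example, not code from our website: the shortener list, function names and sample messages are assumptions made for illustration.

```python
import re
from urllib.parse import urlsplit

# Assumed, non-exhaustive list of public link-shortening hosts; extend it locally.
SHORTENER_HOSTS = {"bit.ly", "tinyurl.com", "t.co", "goo.gl", "ow.ly", "is.gd"}

# http(s) URLs and bare "host/path" links (shortened links are often pasted
# without a scheme). The lookbehind skips the domain part of email addresses.
LINK_RE = re.compile(
    r"(?<![@\w.-])(?:https?://)?(?:[a-z0-9-]+\.)+[a-z]{2,}(?:/[^\s<>\"']*)?",
    re.IGNORECASE,
)

def link_host(link):
    """Lower-cased hostname of a matched link, without a leading 'www.'."""
    if "://" not in link:
        link = "http://" + link
    host = (urlsplit(link).hostname or "").lower()
    return host[4:] if host.startswith("www.") else host

def is_shortener(host):
    """True for a listed shortener host or any subdomain of one."""
    return any(host == s or host.endswith("." + s) for s in SHORTENER_HOSTS)

def defang(link):
    """Make a link non-clickable in the notification email."""
    return re.sub(r"^http", "hxxp", link, flags=re.IGNORECASE).replace(".", "[.]")

def triage_submission(message):
    """Flag shortened links and defang every link before staff see the message."""
    flagged = set()

    def rewrite(match):
        host = link_host(match.group(0))
        if is_shortener(host):
            flagged.add(host)
        return defang(match.group(0))

    safe_body = LINK_RE.sub(rewrite, message)
    return {"hold_for_review": bool(flagged),
            "shortener_hosts": sorted(flagged),
            "safe_body": safe_body}

# Constructed sample submissions (not the message received on our website).
SUSPICIOUS = "Xq zorvim plenta kuvo https://bit.ly/EXAMPLE1 ?"
GENUINE = "Hi, I'd like a quote. Our site is www.example.com, email jane@example.com"

if __name__ == "__main__":
    for body in (SUSPICIOUS, GENUINE):
        print(triage_submission(body))
```

A submission with `hold_for_review` set would go to a review queue instead of straight to an inbox, and `safe_body` is what gets emailed, so nobody can click through by accident.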

So how can you stay safe?

  • Stop and ask someone else, like us, if it’s legitimate; better to be safe and sure
  • Ensure your firm’s mobile devices are being updated for both Apple iOS and Android OS, as well as app updates. We have a service that can take care of this for you, taking another headache off your very stretched plate.
  • Ensure your systems are patched and up to date. If you’re a managed services client, we take care of this for you
  • Engage Cyber Security Awareness Training for you and your staff; talk to us to find out more
  • Have a next-generation firewall that’s configured correctly and receiving up-to-date threat information. Clients who have already purchased firewalls from us can talk to us about updating settings to help stop known bad sites
  • Have Dark Web monitoring set up to help you identify if a team member accidentally enters their username and password into a phishing site and the information is available on the Dark Web for cybercriminals to access
  • Ensure your systems are backed up and stored offsite, preferably in the “cloud”, and that the backups are only accessible by those who need access to them
  • Ultimately, you want to have a defence-in-depth strategy with your protections and ensure there are multiple layers in place, like a castle. We are happy to provide a third-party assessment of your system to give you peace of mind that your defences are adequate

Have questions and want to learn more? Go to https://www.myinfotechpartner.com.au/pylvideo/ and sign up for my FREE 17-minute training video that dives deeper into the necessary layers you need to have in place to protect yourself from scam contact us or webform messages and how to confidently protect your legacy, reputation and family’s livelihood.