A clever new type of ransomware attack
It seems like we’re talking about cyber scams a lot at the moment. And now there’s another
new trick you need to be aware of.
Cybercriminals are smart. They’re forever coming up with new ways to infiltrate your
devices and networks to access your valuable data.
Fortunately, the defence weapons continue to get stronger and stronger to help keep you
protected. Some email systems are now especially good at identifying malicious messages
But if your website has a contact form – and most do – you face a new threat. That’s
because cybercriminals are using web forms to spread malware.
They pose as a potential new customer and ask you to provide them with a quote for your
goods or services.
Once you email your reply to their request, they’ll send you a special kind of file –
known as an ISO file – which they say is relevant to your conversation.
Crucially, this file won’t be attached to the email. They’ll send it via a file-sharing service,
such as WeTransfer. This is to help to avoid your email provider’s protection.
Think about the psychology of what’s happening here. Whoever in your business is
managing this conversation thinks they’re talking to a prospective new customer and is
much more likely to open the files without thinking.
The fact the conversation started with a contact form lowers their natural scepticism. They
just want the sale!
When you open the file, it will give the cybercriminals remote access to your device. And
that can allow them to access your full network. They can then launch a malware or
The latter is something you want to avoid at all costs. It’s where your data is encrypted so
it’s useless to you. And you have to pay a large ransom fee to get it back… with no
guarantees the payment will work.
Experts think this form of contact form attack was first tested on large businesses in
December 2021. And believe it’s now becoming more popular.
It’s vital that you and your team check requests sent via your website are genuine. And
never, ever open any files emailed over unless you trust the source 100%.
If we can help keep your business protected or train your team on the big threats to be
aware of, please contact us.
Published with permission from Your Tech Updates.
Here's our live calendar!
Questions: [email protected]
How Microsoft 365 Defender Can Shield Your Company From Phishing Scams
Ransomware, Spyware and Trojans – What are They and How to Prevent Them
Should Your Company Outsource IT?
Sorry, the comment form is closed at this time.