Research by Kaspersky Labs has discovered that cyber-criminals are now hijacking and using the confirmation emails from registration, subscription and feedback forms of legitimate company websites to distribute phishing links and spam content.
Kaspersky has reported that scammers are exploiting the fact that many websites require users to register their details in order to receive content. Some cyber-criminals are now using stolen email addresses to register victims via the contact forms of legitimate websites. This allows the cyber-criminals to add their own content to the form that will then be sent to the victim in the confirmation email from the legitimate website.
For example, according to Kaspersky, a cyber-criminal uses the victim’s e-mail address as the registration address, and then enters their own advertising message in the name field e.g. “we sell discount electrical goods. Go to https://discountelectricalgoods.uk.” This means that the victim receives a confirmation message that opens with “Hello, we sell discount electrical goods. Go to https:// discountelectricalgoods.uk Please confirm your registration request”.
Where a victim is asked by a website form to confirm their email address, cyber-criminals are also able to exploit this part of the process by ensuring that victims receive an email with a malicious link.
The main advantages to cyber-criminals of using messages sent as a response to forms from legitimate websites are that the messages can pass through anti-spam filters and have the status of official messages from a reputable company, thereby making them more likely to be noticed, opened, and responded to. Also, as well as the technical headers in the messages being legitimate, the amount of actual spam content carried in the message (which is what the filters react to) is relatively small. The spam rating assigned to messages by anti-spam filters is based on a variety of factors, but these kinds of messages command a prevailing overall authenticity which allows them to beat filters, thereby giving cyber-criminals a more credible-looking and effective way to reach their victims.
What Does This Mean For Your Business?
Most businesses and organisations are likely to have a variety of forms on their website which could mean that they are open to having their reputation damaged if cyber-criminals are able to target the forms as a way to initiate attacks or send spam.
The advice of Kaspersky is that companies and organisations should, therefore, consider testing their own forms to see if they could be compromised. For example, registering on your own company form with your own personal e-mail address and entering a message in the name field such as “I am selling electrical equipment” as well as including a website address and a phone number, and then checking what appears in your e-mail inbox will show if there are any verification mechanisms for that type of information. If the message you receive begins “Hello, I am selling electrical equipment”, you should contact the people who maintain your website and ask them to create simple input checks that will generate an error if a user tries to register under a name with invalid characters or invalid parts. Kaspersky also suggests that companies and organisations could consider having their websites audited for vulnerabilities.