Malware crooks using Contact Us forms threatening legal action

Crooks are using company contact forms to trick employees into visiting malware-laced websites.

If your company or website has a Contact Us form – and most do – then be wary of a surge of scams where crooks are using these contact forms to trick unwary employees into downloading malware.

In examples offered by Microsoft, crooks are sending threatening messages via these contact forms to website owners and businesses, falsely claiming they are infringing on someone’s copyright, and demanding that the infringing content be removed or they could face legal action. See the examples below.


Source: Microsoft

There is no infringing content. This is a clever social engineering trick to panic the reader into clicking the included link, which appears legitimate because it leads to a site hosted on the Google Sites platform. Microsoft notes in its warning bulletin:

We observed more emails sent by attackers on other contact forms that contain similar wording around legal threats. The messages consistently mention a copyright claim lure by a photographer, illustrator, or designer with the same urgency to click the sites.google.com link.

But even websites hosted with Google Sites can be used to distribute malware. If the website or business owner reads the message and clicks the link, they’re asked to log in using their Google credentials. Once they do, a ZIP file automatically downloads to their computer. And if that ZIP file is opened and its contents executed, malware will soon follow. In cases seen so far, that malware is IcedID, which can steal financial and banking information from a device it infects.






And given the surge in these types of attacks, researchers believe the crooks have found a way of bypassing the CAPTCHA tools that companies use to prevent these types of automated attacks.

Companies and website owners are advised to be extremely cautious of emails threatening legal action for alleged copyright infringements, especially if they direct to websites that download ZIP files onto a user’s device.
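As an added illustration (not code from Microsoft or from this article), here is one way a helpdesk could triage contact-form submissions for the lure described above: copyright and legal-threat wording, a photographer, illustrator or designer as claimant, and a sites.google.com link. The keyword lists, scoring thresholds and sample messages are assumptions made for this example.

```python
import re
from urllib.parse import urlsplit

# Wording the article attributes to the lure. Keyword lists are assumptions.
CLAIMANT = re.compile(r"\b(photographer|illustrator|designer)\b", re.I)
COPYRIGHT = re.compile(r"\b(copyright(ed)?|infring\w+)\b", re.I)
LEGAL = re.compile(r"\b(legal action|lawsuit|sue[ds]?|court|attorney|lawyer)\b", re.I)
URL = re.compile(r"https?://[^\s<>\"')]+", re.I)

def google_sites_links(text):
    """Return URLs whose host is exactly sites.google.com."""
    hits = []
    for raw in URL.findall(text):
        url = raw.rstrip(".,;")  # drop trailing sentence punctuation
        host = (urlsplit(url).hostname or "").lower()
        if host == "sites.google.com":  # exact match, not substring
            hits.append(url)
    return hits

def triage(message):
    """Score one contact-form submission; returns (verdict, reasons)."""
    reasons = []
    has_link = bool(google_sites_links(message))
    if has_link:
        reasons.append("sites.google.com link")
    if COPYRIGHT.search(message):
        reasons.append("copyright claim")
    if LEGAL.search(message):
        reasons.append("legal threat")
    if CLAIMANT.search(message):
        reasons.append("photographer/illustrator/designer claimant")
    # Thresholds are assumptions: a link plus two lure traits is held back.
    if has_link and len(reasons) >= 3:
        return "quarantine", reasons
    if has_link or len(reasons) >= 2:
        return "review", reasons
    return "deliver", reasons

# Constructed sample submissions (not taken from the Microsoft report).
SAMPLES = [
    "I am a photographer. Your site uses my images without permission, which "
    "is copyright infringement. Remove them or I will take legal action. "
    "Proof: https://sites.google.com/view/example-placeholder/evidence",
    "Hi, can you send a quote for 20 licences? Docs: https://example.com/rfq.pdf",
    "Please see https://sites.google.com.lookalike.example/view/x for our brochure",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(triage(sample)[0], "-", sample[:50])
```

Messages that score "review" or "quarantine" are best opened by someone who will not follow the link from a work machine; the filter is a triage aid, not a verdict on the message.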
