Legitimate business websites used to spread spam and phishing

28 August 2019

“Researchers have noted a growth in the use of increasingly 'intelligent' techniques for spreading spam and phishing. In fact, cybercriminals are increasingly taking advantage of website registrations, online subscriptions and feedback forms to insert spam content or phishing links in confirmation emails that are sent by respected and trusted companies worldwide.


Cybercriminals are constantly looking for new ways to spread spam and phishing messages in order to bypass existing content control filters. The intention of the attackers is to have these emails come from sources that are considered legitimate and have a high reputation, so that users cannot ignore them or consider them simply as junk mail. This trend is also a challenge for companies, because this type of unwanted spam or possible malicious content, apparently sent in their name, could call into question the trust of their own users or even lead to the breach of personal data.


The method used is simple but effective. Nowadays, most companies are interested in receiving feedback from their customers to improve the quality of services, customer loyalty and corporate reputation. To make this happen, companies ask their users to register with a personal account, to subscribe to receive any newsletters or to share their opinions through specific feedback forms on the site, for example by asking questions or offering suggestions. These are the very methods that the attackers are exploiting.


These three procedures all require the user's name and email address; this way they can receive a confirmation message or feedback. According to the research conducted, scammers are starting to insert spam content and phishing links right into this type of email. Attackers add the victim's email address to the registration or subscription form and type their message in place of their name. At this point the website sends a confirmation email that is modified, with advertising content or with links for phishing attempts at the very beginning of the text, in place of the recipient's name.


Most of these altered messages are linked to online surveys designed to obtain personal data from visitors. Notifications from reputable sources usually easily pass verification by content control filters, as these are official communications from reputable companies. It is precisely for this reason that this new method of spreading unwanted and apparently harmless spam emails is proving to be effective and arousing much concern.


To prevent companies from suffering reputational damage, we recommend that you:


Check the functioning of the feedback forms on the company website.

Incorporate several verification rules that can return an error message in case of attempts to register names with inappropriate characters.

If possible, carry out a website vulnerability assessment.”
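The second recommendation, as an added example that is not part of the original article: a server-side check that runs on the name field of a registration, subscription or feedback form before the value is placed in a confirmation email. The function names, the 64-character limit and the allowed punctuation are assumptions to adapt to your own forms, and the sample inputs are constructed.

```python
import re
import unicodedata

MAX_NAME_LEN = 64                       # assumed limit; real names are short
_ALLOWED_PUNCT = set(" -'.\u2019")      # space, hyphen, apostrophes, full stop
_DOMAIN_LIKE = re.compile(r"\.[^\W\d_]{2,}")  # a dot glued to 2+ letters


class InvalidName(ValueError):
    """Raised so the form handler can return an error instead of sending mail."""


def validate_display_name(raw: str) -> str:
    # Fold look-alike forms (full-width letters, no-break spaces) first,
    # so the checks below see what the mail recipient would see.
    name = unicodedata.normalize("NFKC", raw).strip()
    if not name:
        raise InvalidName("name is required")
    if len(name) > MAX_NAME_LEN:
        raise InvalidName("name is too long")
    for ch in name:
        # Letters and combining marks from any script are accepted.
        # Digits, symbols, ':' '/' '@' and control characters such as
        # CR/LF are not, which removes URLs and header-style line breaks.
        if unicodedata.category(ch)[0] in ("L", "M") or ch in _ALLOWED_PUNCT:
            continue
        raise InvalidName(f"character not allowed in a name: {ch!r}")
    # Catches scheme-less addresses such as "example.test" while
    # still allowing initials written as "J. R. Smith".
    if _DOMAIN_LIKE.search(name):
        raise InvalidName("name looks like a web address")
    return " ".join(name.split())       # collapse repeated spaces


def is_valid_name(raw: str) -> bool:
    try:
        validate_display_name(raw)
        return True
    except InvalidName:
        return False


if __name__ == "__main__":
    # Constructed sample inputs.
    for sample in ("Anna-Maria O'Neil", "J. R. Smith",
                   "Take our survey at http://example.test/s",
                   "Claim your prize at example.test",
                   "Bob\r\nBcc: someone@example.test"):
        print(f"{sample!r:45} -> {'accepted' if is_valid_name(sample) else 'rejected'}")
```

The check belongs on the server, since client-side form validation can be skipped by submitting the request directly.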


