C and M Companies Inc
Reno, Nevada USA
Drop Us a Line

Phishing Emails and Malware Protection

Charles Blewett

March 11, 2021
Updated on:
Nov 30, 2023

Warning to Website Owners using Contact Forms

Precautions for mail forwarding through your website’s contact form

If you own a website and use a CTA – Call-To-Action – asking prospective customers to connect with you through a contact form, be careful with these forwarded messages you receive in your inbox. Your company’s marketing efforts requires a certain degree of acceptable risk in using this method to ask prospects to reach out to you but we can use some common sense tests before acting upon these emails. When the prospective client – or bad guy – clicks the Send Button, the Email Forwarding service takes the information collected and sends it to the email address you tell it to deliver to and applies a Subject line of:

New Message From ‘Your Website’s Name’.

Today I received a typical email from the contact form sent from a website that I manage. In it, the person claims that I stole images used on this website and for proof, they asked me to click the link they included in the email. Wow, this is a pretty good one! Had I not stopped myself from acting on my angry emotional response to this claim, I probably would have been infected with some form of malware or worse, installed ransomware on my device and been locked out from its use until I paid the ransom.

Some steps to protect yourself

Diligence in today’s connected world dictates that individuals and companies take proactive preventative measures to try to thwart these bad guys from gaining our trust and then infecting our devices. First, they are getting better at plying human emotions so if you do fall victim, don’t beat yourself up too much. Many smart people have succumbed to these nefarious and awful thieves. With that said, here is some of what I received today for us to use as a learning tool.

Hi there!
This is Melanka and I am a qualified illustrator.
I was surprised, mildly speaking, when I found my images at your website. If you use a copyrighted image without an owner’s consent, you must be aware that you could be sued by the copyright holder.
It’s against the law to use stolen images and it’s so low!
Here is this document with the links to my images you used at (www.website.com) and my earlier publications to get the evidence of my legal copyrights.
Download it right now and check this out for yourself: (Wow, really!)
https://sites.google.com/view/id***************/home/drive/storage/file/download?FileID=*************** (I removed the file id’s)
If you don’t remove the images mentioned in the document above within the next several days, I’ll file a complaint against you to your hosting provider letting them know that my copyrights have been severely infringed and I am trying to protect my intellectual property.
And if it is not enough, for damn sure I am going to take legal action against you! And you won’t receive the second notice from me.

As you can see, this is a rather cunning attempt to get me to act based on my emotional response to the claim and this Phishing attach (Fishing for my knee-jerk reaction) has just enough credibility to almost get me to click the included link. It starts out nice and somewhat friendly but quickly and progressively gets more and more threatening. Notice that he does not give a full name, a company name, nor links to the offending website and names of the images he claims are his. Here are some things to check when you receive emails from your websites contact form or any unknown source sent to any email address.

Be on the Lookout For…Do’s and Don’ts

  1. Do not click links! Contact forms can be set up to not allow your visitors to include links but for now, if you get a forwarded email from your website, do not open any attachments nor click any links the sender included.
  2. Check the sender’s email address – Be wary of unsolicited emails from a free email account like Gmail.com, Yahoo.com, Hotmail.com, and the like. The above sample attempt came from a free Gmail account. But, if you are soliciting business from private individuals, you will have to expect these emailing service to be used.
  3. Pay attention to the Subject line before opening the email. Does it sound Fishy? Trust your gut and do some more investigation.
  4. Read the body carefully – and don’t click links. How is the language? Does it sound mechanical or translated poorly from a foreign language? Read for signs of deceit.
  5. If it passes your tests of credibility, then and only then follow up by phone or email and sell your services.

Google Gmail Mail Header sample

  • from: Mel <[email protected]> (Your website)
  • reply-to: Mel <[email protected]>
  • to: [email protected]
  • date: Mar 10, 2021, 7:54 AM
  • subject: New Message From (Your Website Address)
  • mailed-by: fwmail.website.com (Your mail forwarding service)
  • signed-by: website.com (Your website)
  • security: Standard encryption (TLS) Learn more


Submit a Comment

You May Also Like…