Spambot Web Leads

by Scott Gaffan on March 3, 2023

We’ve noticed a recent increase in fake contact form submissions coming through our main company websites.

The agent search allows customers to search for you by name and to send you a message by choosing your Email Me link, filling in and submitting your contact form.

These forms are important and allow anyone to contact you directly from the main company sites……. Unfortunately, this also opens the possibility of receiving fake or spam submissions from individuals or from spambots.  

What’s a spambot? A spambot is a malicious piece of code or program designed to gather names and email addresses and other information from online sources like websites and forms. This information can then be collected to build lists for sending unsolicited email, i.e, spam. Spambots run through our websites and automatically complete and submit forms with the same fake information to multiple agents.     

These fake submissions may appear to be from a legitimate new customer just so they can try to catch you with a phishing link in an email or through another communication app like WhatsApp in the future. 

Although we don’t receive a lot of them, we have noticed an increase in the frequency of bot submissions recently.  They can be annoying and can make you waste your time responding to them or sending them information or worse, by getting caught in one of their scams.

The latest one was sent to at least 950 of our agents over the last couple of weeks (see the example below).  Just prior to that, a similar one was sent to over 250 agents.

Because of the recent increase in spambot activity, we are adding a new layer of protection to the agent capture forms on all the main company websites.  This should stop a vast majority of the automated bot entries from getting through.

We needed something that would not get in the way of the people that legitimately wanted to contact us, so we’re adding something called an invisible CAPTCHA feature. It is a newer, more evolved form of the Captcha that you may be familiar with, the one that asks you to select all the matching photos or to check a box indicating you’re not a robot.  

The invisible CAPTCHA will first intelligently determine the risk of the user attempting to fill in the form, and only presents adaptive CAPTCHAs to those it suspects are automated bots. It does this while letting your valid users pass right through with ease.

This addition should be completed by the end of the month.

Below is an example of a lead email that was generated by a bot. I’m sure that many of you recognize the lead name and have received this exact message.

Determining whether a lead is real or not can sometimes be tough, but there are a few subtle things on this one that stand out.

First, the source is the Johnstone and Johnstone website, and this was sent to a Real Estate One agent. It’s highly unlikely that the client went to the Johnstone and Johnstone site to look up a Real Estate One agent by name. Not impossible, but still highly unlikely.

Second, the first sentence as well as the phone number is repeated in the message (this is also often written with grammatical errors).

Third, this person is requesting to be texted on WhatsApp right away in their first message. This is a big red flag to me and when combined with the other red flags, it’s enough for me to think, this looks suspicious.

Remember, if a message looks fishy, it’s probably best to just delete it. We are continuing to delete these entries from One Place as we receive them. If you receive a lead email that looks suspicious and you’re not sure what to do or would just like another set of eyes to look at it, feel free to send it to the Help Desk or directly to me. It’s always best to lean on the side of caution.

Comments on this entry are closed.

Previous post:

Next post: