Spam Email Attack

So this week’s business update here, and this time it’s got a valuable lesson attached. Recently, some of the mgrmusic.com website contact forms fell victim to a spam attack. This type of attack is a bot-based attack which doesn’t directly affect the website, but the bot uses the contact form as a proxy to send emails out to multiple recipients.

These types of attacks work based on the contact form replying to the submitter with an auto reply. For instance, if you typed in the body of the text “Win £100” and entered your email in the field, our system would generate an auto reply to you and a copy of the text you submitted. The bot had used out system to email spam to a substantial number of emails, as we pay per email it also incurred a quite significant bill. Indeed, it was a bit of a perfect storm that highlighted a security vulnerability in our systems that needed resolving.

So, what did we learn? I mentioned last time that I was working on some integration with ReCapcha and we have rebuilt our contact forms from the ground up to prevent this happening in future. I have also been keen to increase security across the business, adding in 2 factor authentication on all business email logins and will look to do the same with websites. I would recommend that you do the same as well for your start-up, after all the cost of getting it wrong can literally put you out of business – no matter what size your company is.

One aspect of this that I really want to share with you is that as business owners we abstract business problems away from clients – it is part of the service we provide by default. Certain things should never make it to the client view of the business as it’s not something they should ever have to worry about when using your service.

In my case, I don’t want my teachers to be concerned with web security or the websites running as planned, but due to this attack I had to take various websites offline for 24 hours to increase security measures which placed this issue in the view of my teachers. This broke that invisible shield that you as a business owner abstract away from the client, suddenly teachers wanted to know why their websites were down and what was the cause of the attack – in other words the client became concerned with a business issue.

A good example of this scenario is in recent years when KFC changed suppliers and various branches ran out of chicken due to a change in suppliers. This meant, instead of the customers arriving and just using the service they expect (ordering their bucket of chicken!), they were then aware of issues with the supply chain. Not a great look for the company, after all you just want your customers to be thinking “wow this is great chicken”.

It is these moments, often of very high stress that you see how your company can cope with a setback and then how you can improve your systems/processes by resolving it in such a way that it could never happen again. This is what I hope that we achieved this week.


Piano Lessons Nottingham

Here is a small business update to round this off, we’ve recently started working with the fantastic Chloe Leak who will be the teacher on our Piano Lessons Nottingham page. Chloe brings many years of experience along with her and we are very excited to have her on board.

Chloe obtained her music teaching diploma in 2017 and knew from the age of 10 she wanted a career in music. She was committee to playing piano from a young age and now wants to share that knowledge and experience with students in the city of Nottingham

Nottingham has a thriving music scene with lots of new bands and great venues all around so it’s wonderful to see a new generation of musicians coming through under Chloe’s guidance.

I look forward to seeing Chloe’s business grow and grow.

Posted under mgrmusic.com

This post was written by Matthew Rusk on August 24, 2019

Tags: ,

Leave a Comment

You must be logged in to post a comment.

More Blog Post

Previous Post: