Form Spam is a method of submitting web forms with unwanted information. Unwanted information may be advertisements, links to offer pages, phishing URLs and abusive texts. Spammers create bots to automatically find web forms and post advertisement links. Once the form is filled, it is usually sent to a group mail within the company. The link is then clicked by many by which the spammer is able to generate traffic, ad revenue or redirect them to phishing sites to collect personal information.
Form spamming can be done in a couple of ways:
Hackers can write automated bot programs that find web forms to abuse with spam links and promotional content
Human spammers that manually target websites and abuse their web forms. These spammers are difficult to block as they are able to cross CAPTCHAs and other security measures
Community forums engage thousands of users every day. Automated form spam comments on these forums will be seen as a real nuisance by genuine users. Form spam comments come in between their conversations, and hijack the entire thread with unsolicited messages and advertisements. Uncontrolled spam comments affect genuine user experience and spoils the forum’s/business’ brand name, resulting in user churn.
Form spam is a huge challenge for classifieds websites and job/property portals. These portals will have some type of a lead collection form or contact form that spammers take advantage of. Not always do these form spam messages point to unwanted information. Sometimes, competitors target websites to create fake leads so that those sales teams waste time and energy in pursuing these leads. This directly impact listing agents as they may see no ROI, and lose confidence on the website as a result of the spam leads and may choose to opt out.
Some forms have inbuilt field validation that can help control fake submissions to an extent. When email field validation is employed, it can be programmed to automatically reject submission of forms with known spam email ids. Forms can also be protected by using Google Captcha so that it can be used to validate genuine users and avoid bots.
However, this captcha methodology can also be bypassed, if not implemented properly. Searching for ‘how to bypass captcha’ throws up a ton of tools and browser extensions like Rumola, DeCaptcher, GSA Captcha Breaker, and so on. Moreover, hackers write sophisticated bot programs that are becoming more human-like and harder to detect with these conventional validation methodologies.