Microsoft researchers spotted a malware campaign abusing contact forms on legitimate websites to deliver the IcedID malware. Threat actors behind the operation are using contact forms published on sites to deliver malicious links to enterprises using emails with fake legal threats. The emails attempt to trick recipients into clicking a link to review supposed evidence behind their allegations. The malicious emails arrive in the recipients inbox from the contact form query appearing trustworthy as it was sent from trusted email marketing systems. The message uses strong and urgent language (Download it right now and check this out for yourself), and pressures the recipient to act immediately.”]
Source: https://securityaffairs.co/wordpress/116620/cyber-crime/contact-forms-icedid-malware.html