Spam form submission is one of the most challenging causes of security risks in the Account Engagement (Pardot) platform. They open a gate not only into your marketing platform but your CMS as well, so you have to protect your platforms and be prepared.
How do you know if you get a spam form submission?
At first, you will see a couple of records showing up in your reports with names including HTTP or www. But eventually, your website’s vulnerability can be exploited when the spam form submission triggers an email, including a malicious link. At that point, your IT team will raise the alarms and you could be under a phishing attack.
What could you do to prevent it?
There are a couple of tricks Salesforce recommends trying to stop these submissions:
- Enable the reCAPTCHA option on your forms
- Although this is a great solution in most cases, these days there are some clever attacks where this solution doesn’t stand a chance.
- Using a server-side submission
- This requires involving a web developer and external server, which might be more complicated than what you’d need.
- Replace your forms with form handlers
- With this option, you would lose the great ‘smart’ form features like progressive profiling, whilst not being in full control of your form styling.
Over the past years, this was an issue we come across with our customers as well. So, in collaboration with our internal Development team, we built a solution that blocks these submissions on the form, before it actually creates a record in Account Engagement (Pardot). Watch the video below to see how it works:
This solution has 3 requirements:
- Jquery referenced in your layout template
- A script in the layout template stopping spam-like form submission
- Our help to implement and test it for you
However, even if you haven’t seen records with HTTP or www included, you can never be too careful in my opinion. Preventing vulnerability issues as this should be a high-level priority for all Account Engagement (Pardot) customers in order to protect your own database. Take another look at the video above, discuss it with your team and then get in touch with our team.
