--- title: Skaalen Website Security — reCAPTCHA Implementation type: article created: '2026-04-05' updated: '2026-04-05' source_docs: - raw/2026-01-08-skaalen-monthly-marketing-call-112855096.md tags: - skaalen - website - security - recaptcha - spam layer: 2 client_source: null industry_context: null transferable: true --- # Skaalen Website Security — reCAPTCHA Implementation ## Overview During the January 2026 monthly marketing call, Skaalen flagged a pattern of suspicious contact form submissions and phone calls that appeared to be spam bots and/or competitor intelligence gathering. The agreed solution was to add a reCAPTCHA to the website contact form. Related client: [[wiki/clients/skaalen/_index]] --- ## The Problem Two distinct threat vectors were identified: **1. Spam bot form submissions** The contact form was receiving automated submissions all worded nearly identically — a clear indicator of bot activity. Dawn (Skaalen) had stopped responding to these but flagged them as an ongoing nuisance. **2. Competitor pricing scraping via phone** A caller contacted multiple staff members (including Simone and Karen in rehab) under different names, persistently requesting a full pricing breakdown. When offered a proper consultation meeting, the caller declined — suggesting the goal was data collection rather than genuine inquiry. Kris noted that companies like Wipfli maintain pricing databases for competitive market analysis, and this type of call is a known tactic for populating those databases. --- ## The Solution Add a **reCAPTCHA** to the website contact form to block automated submissions. Melissa (Asymmetric) also committed to auditing the surrounding security configuration: - Verify SMTP settings are correctly configured - Review schema markup for accuracy - Ensure other backend security "kismets" are in place > *"We just have to, for security purposes, it is just ever-evolving."* — Melissa Cusumano --- ## Action Items | Owner | Task | Status | |-------|------|--------| | Melissa Cusumano | Add reCAPTCHA to the website contact form | Assigned | | Melissa Cusumano | Verify SMTP configuration and backend security settings | Assigned | --- ## Context & Notes - The reCAPTCHA addresses automated bot submissions; it will not prevent determined human callers attempting to extract pricing by phone. Staff awareness remains the best defense against the latter. - Pricing is not currently published on the Skaalen website, which limits the data available to scrapers — this is worth maintaining as a policy. - As AI-generated contact attempts grow more sophisticated, this may need revisiting (e.g., honeypot fields, rate limiting, or more advanced bot detection). --- ## Related - [[wiki/clients/skaalen/_index]] - [[wiki/meetings/2026-01-08-skaalen-monthly-marketing-call]]