During the January 2026 monthly marketing call, Skaalen flagged a pattern of suspicious contact form submissions and phone calls that appeared to be spam bots and/or competitor intelligence gathering. The agreed solution was to add a reCAPTCHA to the website contact form.
Related client: [1]
Two distinct threat vectors were identified:
1. Spam bot form submissions
The contact form was receiving automated submissions all worded nearly identically — a clear indicator of bot activity. Dawn (Skaalen) had stopped responding to these but flagged them as an ongoing nuisance.
2. Competitor pricing scraping via phone
A caller contacted multiple staff members (including Simone and Karen in rehab) under different names, persistently requesting a full pricing breakdown. When offered a proper consultation meeting, the caller declined — suggesting the goal was data collection rather than genuine inquiry. Kris noted that companies like Wipfli maintain pricing databases for competitive market analysis, and this type of call is a known tactic for populating those databases.
Add a reCAPTCHA to the website contact form to block automated submissions.
Melissa (Asymmetric) also committed to auditing the surrounding security configuration:
- Verify SMTP settings are correctly configured
- Review schema markup for accuracy
- Ensure other backend security "kismets" are in place
"We just have to, for security purposes, it is just ever-evolving." — Melissa Cusumano
| Owner | Task | Status |
|---|---|---|
| Melissa Cusumano | Add reCAPTCHA to the website contact form | Assigned |
| Melissa Cusumano | Verify SMTP configuration and backend security settings | Assigned |