In the past month, a number of our clients have been hit by a malicious scammer named "Mel" ("Mellie" in one case and "Melina" in the other) filling out their website form, and very aggressively claiming copyright infringement.
The email arrives via your website contact form and accuses you of using copyrighted website images and asks you to click on a link to see the list of the images that are in violation.
(DON'T CLICK THE LINK.)
The writer threatens to file a complaint with your hosting company and sue you.
Example of one of the contact forms below:
Some of the professions the scammer claims to have include:
- Professional Photographer
- Licensed Photographer
- Experienced photographer and illustrator
- Qualified illustrator
And the sender is going by names similar to "Mel" including:
The scammer uses different fake email addresses, fake phone numbers and variations on the last name, as well.
What is the Goal of this Phishing Scam?
The end goal of the scam isn't clear, but the immediate goal is to scare you and get you to click the link.
Clicking the link may take you to a file download or a website that may allow the hacker to seize control of your device (if your device is not protected by sufficient antivirus software to block it). It may take you to a phishing page asking you to enter more information, which you should never do.
The hacker may then be able to do one of the following:
- Hold your device hostage demanding a ransom
- Exploit having access to your machine to compromise your other accounts like email or banking
- Inject worms/viruses that infect your machine and use it to launch attacks against others
How to Spot a Phishing Email
- Awkward Grammar: Look for awkward grammar and word usage such as "It's unlawfully!", in this case.
- Check Spelling: Bad spelling is another red flag.
- Hover Over a Link to See the True URL (but NEVER click it): Phishing scams will try to hide the true URL to which the link leads. When you hover, you can see the true destination of the URL, regardless of what the link says.
- Be Suspicious of Unsolicited Attachments: Never click on or download an unsolicited, unexpected or unusual attachment. Always be suspicious of these.
- Don't Let Them Intimidate You: Phishing emails frequently try to elicit an emotional response from you by using inflammatory or threatening language, such as the threat to sue you and file a complaint with your host in this example. Another common tactic is to claim that an account has been suspended, that you have committed a crime, or that you are in violation of an agreement. Always be suspicious and take a beat before acting on any communication that uses threats.
Have you received a similar email via your contact form?
Thanks to Liz Eisworth and her Blog Article!
She also offers great tips on what to do if you DO click that link! "What to do if I Clicked on a Phishing Link"