Accused of copyright infringement? It could be a phishing scam.

Dan Carpenter
December 8, 2021
4 min read
phishing cyber security

When using images found online, it’s not always 100% clear what can be used, how it can be used, and if accreditation is necessary.

"Copyright Infringement Evidence" notification

What is clear, criminals are taking advantage of this lack of understanding.

Fake image copyright takedown requests are being sent to businesses via contact forms on websites.

The scam involves clever phishing emails warning that a particular image used on your company’s website is copyrighted material “owned by” the sender who threatens legal action if specific images are not immediately removed

How exactly does this new scam work?

The user receives an email from an unknown sender who claims to be the registered owner of a particular image used without their permission on your company’s website contact form. 

Fearing the worst, you click on the link contained in the email to investigate the supposed infraction.

That link takes you to a fake “Stolen Images Evidence” web page and there’s a ZIP file you are asked to download and extract. The ZIP file contains malware that automatically installs on your workstation.

phishing process

What makes this particular image copyright scam so dangerous for businesses?

Five hallmarks of successful phishing emails

It contains all the hallmarks of successful phishing emails:

  1. Fear. Threats of legal action by the sender.
  2. Urgency. “You must respond immediately!”
  3. Plausibility. We see the symbols everywhere © ® ™ so it seems a reasonable request.
  4. Readability. These are written by native English speakers as opposed to automated translations from other languages.
  5. Credibility. At first blush, it looks like a recognizable site. The sender may reference the Digital Millennium Copyright Act that directly speaks to the issue of image copyrights.

It’s worth pointing out that digital marketing agencies that design websites take advantage of paid subscription services like Shutterstock, iStock, and many others that provide royalty-free images and other visual content for websites and blogs. 

So it’s highly unlikely that any actual image copyright violations exist in today’s business landscape.

Who is most at risk to fall for this image copyright scam?

Persons in sales, marketing, and HR roles who monitor various internal “contact us” email addresses.

List of potential email addresses that are most at risk to fall for image copyright scam
  • info@yourcompany[.]com
  • sales@yourcompany[.]com
  • marketing@…
  • hiring@…
  • employment@…
  • opportunities@…
  • jobs@…
  • admin@…

How can I protect my business now from this and other email scams?

The #1 reason this phishing tactic works: FEAR.

By creating an overwhelming sense of fear and urgency, our brains trigger a fight-or-flight-like response.

take immediate action now

If you get something in your inbox from someone you don’t know telling you to “TAKE IMMEDIATE ACTION NOW!” by clicking a link or opening an attachment, STOP.

Takeaways

Business Email Compromise (BEC) is alive and well.

Bad actors are still using the pandemic work from home employee model to trick the unwary into opening emails that inject malware into their computers or mobile devices.

You can see a more detailed list of dos and don’ts of business email security hygiene here

Remember, there is nothing that hits your inbox that can’t wait 10 minutes to consider and investigate.

Stay safe out there.



Meet Dan Carpenter

Profile-Headshot-Dan_Carpenter

As the President of IT Services, Dan provides excellent leadership to his team of over 170 technology professionals. He plays a large role in mentoring his team, helping individuals achieve career goals, and providing quality solutions to our customers.


Discover and Do More With Business Technology!

Get monthly business technology tips directly to your inbox.

Let's Build Something Great Together

Contact Us