It starts out innocently enough. Someone visits your website, finds the “contact us” page, completes the form and leaves you a message. For the most part, this is usually conducted by someone interested in your services and would like more information. But in the past week, we have received three inquiries from clients about a message they received from “Mel” claiming unauthorized use of images on their business website, which is copyright infringement and went further to belittle the recipient.
The reader was then directed to click a link to see the actual source of the image previously published by the contact. The message then alerts if the image isn’t removed legal action will follow.
If this message – or something reasonably close – shows up in your inbox, DO NOT CLICK THE LINK. This is nothing more than a phishing scam.
Here is one example of a message received this week:
This is Meleana and I am a qualified photographer and illustrator.
I was discouraged, putting it lightly, when I came across my images at your website. If you use a copyrighted image without an owner’s permission, you should be aware that you could be sued by the copyright owner.
It’s not legal to use stolen images and it’s so сheap!
Here is this document with the links to my images you used at and my earlier publications to obtain the evidence of my copyrights.
Download it now and check this out for yourself:
If you don’t delete the images mentioned in the document above within the next few days, I’ll file a to your hosting provider letting them know that my copyrights have been severely infringed and I am trying to protect my intellectual property.
And if it is not enough, you may be pretty damn sure I am going to report and sue you! And you won’t receive the second notice from me.
With further research, we have found that this has apparently been circulating periodically since last summer and in various forms. The names are usually a variation of “Mel” and the email address and phone number have been different each time.
But what’s the point?
While the goal isn’t clear from the message, it’s clearly a scare tactic to prompt you to click the link. Doing so may take you to a website or page that could leave you vulnerable to a hacker taking control of your device. It could also take you to a page asking for personal or sensitive information.
Why would this happen?
A hacker could try to hold your device hostage, or compromise accounts and other personal information.
While we are only guessing at this point, the bottom line is to be sure you are aware of what could transpire if you’re not paying attention.
So how do you recognize a phishing scam?
- Look for poor grammar and word usage such as “…I was discouraged, putting it lightly, when I came across my images at your website…”
- Bad spelling is also another red flag.
- Hover Over a Link to See the True URL (but NEVER click it): Phishing scams will try to hide the true URL to which the link leads. When you hover, you can see the true destination of the URL, regardless of what the link says.
- Never click on or download an unsolicited or unexpected, unusual attachment. Always be suspicious of this.
Phishing email attempts frequently try to elicit an emotional response from you by using inflammatory or threatening language such as the threat to sue you and file a complaint with your host in this example. Another common tactic is to threaten that an account has been suspended or that you have committed a crime or are in violation of an agreement. Always be suspicious and take a beat before acting on any communication that uses threats.
Have you received a similar email via your contact form?
Since we’ve had several reports this week, we wanted to spread the word about this scam since it is using a fairly effective scare tactic to use against businesses.