JoomConnect Blog
Shady Copyright Phishing Attack is Targeting Web Forms
As you probably know, the most effective phishing attacks tend to push a sense of urgency on the user. Hurry, don’t think, just click!
We’ve been seeing a particular attack hitting website owners that does just that, so we wanted to raise some awareness to help our clients stay vigilant.
Copyrighted Images Phishing Scam
If you have a website with contact forms, there’s a pretty decent chance you’ve received some spam through them. Even with the latest reCAPTCHA technology, honeypots, and other measures, your web forms can only do so much to prevent someone with bad intentions from submitting a form. This spam message appears to get through reCAPTCHA, which tells us that it’s likely submitted by a human being or by a bot that can get past industry-standard form validation.
For your reference, the message looks like this (complete with grammatical errors):
“Hello,
Your website or a website that your company hosts is violating the copyrighted images owned by our company (xero Inc.).
Take a look at this official document with the links to our images you used at (your website URL) and our earlier publications to obtain the proof of our copyrights.
Download it right now and check this out for yourself:
https://sites.google.com/view/[redacted]
I do believe you’ve intentionally violated our rights under 17 USC Sec. 101 et seq. and could be liable for statutory damages as high as $150,000 as set forth in Sec. 504 (c)(2) of the Digital Millennium Copyright Act (DMCA) therein.
This message is an official notification. I demand the removal of the infringing materials described above. Please be aware as a company, the Dmca demands you to eliminate and disable access to the infringing materials upon receipt of this particular notice. In case you do not stop the use of the above-mentioned infringing materials a lawsuit will be started against you.
I have a good faith belief that use of the copyrighted materials referenced above as allegedly infringing is not authorized by the copyright proprietor, its legal agent, as well as law.
I declare, under consequence of perjury, that the information in this notification is correct and hereby affirm that I am permitted to act on behalf of the owner of an exclusive and legal right that is presumably infringed.
Sincerely yours,
Ranjit Carr
Legal Officer
xero, Inc.”
There are variations of this message; mainly, the contact information and the company name change. We’ve seen variations naming popular companies like Hubspot, Trello, and others.
We’ve also seen this one:
“Hi!
My name is Jessica.
Your website or a website that your company hosts is infringing on a copyright-protected image owned by myself.
Check out this document with the links to my images you used at (your website’s URL) and my earlier publications to get the evidence of my copyrights.
Download it now and check this out for yourself:
https://sites.google.com/view/[redacted]
I believe you have willfully infringed my rights under 17 U.S.C. Section 101 et seq. and could be liable for statutory damages as high as $150,000 as set forth in Section 504(c)(2) of the Digital Millennium Copyright Act (”DMCA”) therein.
This letter is an official notification. I seek the removal of the infringing material referenced above. Please take note as a service provider, the Digital Millennium Copyright Act requires you, to remove or disable access to the infringing materials upon receipt of this notice. If you do not cease the use of the aforementioned copyrighted material a lawsuit will be commenced against you.
I have a good faith belief that use of the copyrighted materials described above as allegedly infringing is not authorized by the copyright owner, its agent, or the law.
I swear, under penalty of perjury, that the information in the notification is accurate and that I am the copyright owner or am authorized to act on behalf of the owner of an exclusive right that is allegedly infringed.
Best regards,
Jessica Martin”
As you can see, these messages stay true to many of the hallmarks that phishing attacks so often show when sent via email. Some will appear to have come from a professional photographer, while others will appear to come on behalf of recognizable brands like Xero, Intuit, Hubspot, or Trello. We suspect that these emails are often manually sent by a human being to help them bypass spam blockers, so it is all the more important that you and your clients remain vigilant.
We include your clients because they likely have websites of their own, and this attack will target any website with a form present. Even if you don’t tend to offer hosting or website management, it isn’t a bad idea to educate them.
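As an added example (not JoomConnect's own code), here is a small Python filter that scores contact-form submissions against the hallmarks visible in the two samples above and holds matches for human review. The indicator weights, the threshold, the function names and both sample messages are assumptions constructed for illustration.

```python
import re

# Indicators drawn from the two sample messages quoted on this page.
# Weights and threshold are assumed values for illustration only.
INDICATORS = {
    "copyright_claim": (re.compile(r"copyright|infring", re.I), 1),
    "dmca_citation": (re.compile(
        r"\bDMCA\b|Digital Millennium Copyright Act|17\s*U\.?S\.?C", re.I), 2),
    "damages_threat": (re.compile(
        r"\$\s?150,000|statutory damages|lawsuit", re.I), 2),
    "download_push": (re.compile(r"download it (right )?now", re.I), 2),
    "perjury_clause": (re.compile(r"(penalty|consequence) of perjury", re.I), 1),
}
URL_RE = re.compile(r"https?://([^/\s]+)(/\S*)?", re.I)
HOSTED_HOST, HOSTED_PATH = "sites.google.com", "/view/"  # link style in both samples
QUARANTINE_AT = 6  # assumed threshold

def score_submission(body):
    """Return (score, matched indicator names) for one form submission."""
    hits = [name for name, (rx, _) in INDICATORS.items() if rx.search(body)]
    score = sum(INDICATORS[name][1] for name in hits)
    for host, path in URL_RE.findall(body):
        if host.lower() == HOSTED_HOST and path.startswith(HOSTED_PATH):
            hits.append("hosted_proof_link")
            score += 3
            break
    return score, hits

def triage(body):
    """Hold likely lures for review instead of forwarding them to staff."""
    score, hits = score_submission(body)
    action = "quarantine" if score >= QUARANTINE_AT else "deliver"
    return {"action": action, "score": score, "indicators": hits}

# Constructed samples: a lure modelled on the quoted messages (placeholder
# link) and an ordinary enquiry that happens to mention copyright.
LURE = ("Your website is infringing on a copyright-protected image owned by "
        "myself. Download it now and check this out for yourself: "
        "https://sites.google.com/view/placeholder-id I believe you could be "
        "liable for statutory damages as high as $150,000 under 17 U.S.C. "
        "Section 101 and the DMCA. I swear, under penalty of perjury, that "
        "the information is accurate.")
BENIGN = ("Hi, we need a new website and a quote for managed IT. Do you also "
          "help with copyright questions for stock photos? Our current site "
          "is https://example.com/about")

if __name__ == "__main__":
    for label, text in (("lure", LURE), ("benign", BENIGN)):
        print(label, triage(text))
```

Quarantined submissions should go to a review queue rather than be deleted, since a genuine takedown notice can share some of this wording.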
If We Handle Your Website and Marketing, You Typically Don’t Have to Worry About Image Copyrights
Our policy is to only source our images from trusted vendors like Adobe Stock. We don’t use free image sites or Google Images to grab images for websites we work on—it’s worth the effort because entities like Getty Images can be relentless about protecting their work and don’t care how small of a business you are, or how little of an impact using the image may have had.
Even MSPs Need to Be Careful About Getting Scammed
Remember, it is all too easy to be fooled by scams like these, and since the MSP serves as an example, it is all the more important that the MSP is able to spot them successfully. Otherwise, you could very well have a PR disaster on your hands.
That said, this is a good opportunity to teach your clients about the dangers of a phishing attack. If you have our Ultimate MSP Website, you should check out a new add-on we put together called the MSSP Cybersecurity Content Kit. It’s the first of many upgrade add-ons we’re launching for the MSP Website. This kit includes all-new cybersecurity content with landing pages, deliverables, and a whole new cybersecurity section for your website. It includes a branded flyer to help your customers spot a phishing attack.
If you want any help producing the messaging to send to your clients about this persistent and irritating threat, please don’t hesitate to give us a call at 888-546-4384.