When checking for potential cyber threats and ransomware, many teams are gaining confidence that they’re avoiding the common pitfalls. Things like looking for spelling mistakes, checking the ‘sent from’ email address, hovering over links, and even just sense checking yourself that you know the sender, are all good steps; but what about emails threatening legal action?

This morning, we got a call from a client who’d received an email via their website contact form, claiming copyright infringement of images on their website and threatening legal action. We were able to remotely view an email and confirm that this was indeed a scam and that the attached link contained executable ransomware.

On opening the email threat, the client’s instant instinct had been panic at the potential for a large fine, and therefore to open the attachment detailing the infringement. They thankfully stopped themselves at the last moment before clicking download. Phew! This is a client who has been through our cyber training, and regularly refreshes learning, but even with all that knowledge, there’s something about the threat of legal action and a major fine that can still override your training – something that those sneaky cybercriminals are fully aware of. At this point, there’s no harm done, but it could have been a really different story!

Here’s the text from the email (we’ve removed the company website address and link for obvious reasons):

Hello there!

My name is Robert.

Your website or a website that your company hosts is infringing on copyright protected images owned by me personally.

Check out this document with links to my images you used at {{company website}} and my earlier publication to obtain the evidence of my copyright. Download it now: {{link}}.

I really believe you have deliberately violated my legal rights under 17 U.S.C. Sec. 101 et seq. and could possibly be liable for statutory damage as high as $140,000 as set forth in Sec. 504 (c) (2) of the Digital Millenium Copyright Act (DMCA) therein.

This message is official notice. I seek the elimination of the infringing materials described above. Please take note, as a company. the DMCA demands you to remove or/and disable access to the copyrighted content upon receipt of this letter. If you do not stop the use of the previously mentioned infringing materials, legal action will be initiated against you.

I do have a good self-belief that utilization of the copyrighted materials described above as presumably infringing is not approved by the copyright proprietor, its legal agent, as well as legislation.

I swear under penalty of perjury, that the information in this letter is accurate and that I am currently the legal copyright proprietor or am certified to act on behalf of the proprietor or an exclusive right that is presumably violated.

Best regards

Robert Fisher

Top tips for spotting / handling emails like this:

  1. Don’t click on the link, even if that’s your instinct. Links are a primary source of malware, so even if the legalese sets you on edge, don’t click the link.
  2. Think about your own behaviours. Some customers take risks by downloading images off the internet and using them on their website, and if you are one of those, then you could be infringing copyright. However, most businesses are careful to use their own images or purchase from stock libraries, so it is unlikely that they are infringing copyright. This is a red flag.
  3. Follow the normal procedures like looking for lots of grammatical errors, the tone feeling off, checking the sent from email address etc. In this case, the scam uses your website contact form to circumvent the ‘sent from’ email address. Adding a ‘captcha’ challenge to your contact form, which helps determine if the user is a human can help, but not if the details are being entered manually by a human of course.
  4. Google the terms in the email. For example, if you search for “Sec. 504 (c) (2) of the Digital Millenium Copyright Act” there are plenty of links to stories, blogs and articles where people have received the same or similar email. In fact, the top several listings have this text verbatim, with an alternative contact name.
  5. If it still seems legitimate, then Google the company/person it is purporting to be from – if there is one – and potentially test out the telephone number that is listed on the email, again if there is one.
  6. Ask your IT company to check it out, just like our client did. You can do that at any stage, but we’re equipped to recognise these scams and advise you accordingly.

Well done to our client for spotting the scam and calling us! These scams are a bit more sophisticated than the average so keep your eyes peeled. If in doubt, give us a ring and ask us on 01453 700 800.