Copyright infringement phishing attacks have been making the rounds again lately. You might have gotten one if you received an email with the subject line: “Your website or a website that your company hosts is violating the copyright protected images owned by myself.” Today we’ll dig into these Copyright Infringement phishing emails and focus on those with dangerous URLs.
We’ve seen a lot of phishing notifications about bogus copyright infringement targeted at company employees. Attackers have also started to implement these attacks via website contact forms, which makes them seem more authentic than when using a cold email body. Also, emails including a contact form template are more likely to bypass spam filters and end up in an inbox.
The social engineering emotional trigger is the threat of consequences for not following instructions. These attacks threaten website owners or employees with legal action for alleged copyright infringement. We have seen attackers claiming to be professional photographers, licensed photographers, experienced photographers, illustrators and also qualified illustrators. Whatever the case, the attacker claims that they own images displayed on the accused website and thus the host of the site is infringing on their copyright.
The attackers then demand payment in order to avoid going to court. Links in these emails, which purportedly offer “evidence” of your copyright infringement, actually contain either trojans for installing malware on your system, or a redirect to a credential harvesting site.
As you can see, these emails look quite similar, with the differences being the senders' names of and the content’s formatting. The second phish uses a contact form and links (the second link was already down when we found it and another link redirected to a file-sharing service in order to download a file ominously named, “stolen images evidence”).
Both emails have been made to look extra scary by citing legal statutes such as DMCA (Digital Millennium Copyright Act) in the text. That law actually exists and while it does protect intellectual property rights in digital media with penalties for violations, I did some research and, as per section 504 (c) (2), the actual fine is has high as $150,000. That is substantially more than the $120,000 and $110,000 fines threatened in emails 1 and 2. Oh attackers: the devil is in the details…
Real notices of copyright Infringements can happen. Knowing the difference between legit and bogus claims will keep your personal and corporate systems safe from breaches.
First off, the claim in these copyright infringement phishes is incredibly obscure. Real notices will usually come from attorneys and are super specific so there would not be room for confusion.
In real cases, the concerned copyright holders are usually pretty reasonable. Mistakes happen, and they would likely reach out to talk through specific objectives with themselves or a legal representative. Rarely would someone go on the attack right away against a website host like in these phishing attempts, threatening recipients with legal consequences.
The final big red flag is in the links. A legit sender would not use file storage servers to send you “evidence.” Never click on a link in unsolicited cases. Just assume they are dangerous.
Our Threat Analysis Team examines tens of thousands of reported phishing emails, including ones like these, a week–and have captured tens of millions of threats to date. Working together with our powerful machine learning model, they cluster the threats, rate them, and incorporate the nasty ones into our training simulations in real time to ensure our training stays at the cutting edge of the constantly-evolving threat landscape. Hoxhunt users are thus drilled on spotting and reporting the latest actual threats making the rounds, removing potentially catastrophic threats from your system with every push of the Hoxhunt reporting button. Read more to learn how to equip your employees with the awareness training that will protect your company from phishing scams.