Photo Phishing Scam: How To Keep Your Pond Scammer Free
A classic phishing email scam is making its way into email inboxes again. The scam starts with a seemingly legitimate email from someone posing as a professional photographer. The "photographer" will state that their photos were being illegally used and that you are infringing on their copyright.
The email may appear valid, but the sender's only intention is to install malware on your computer. Normally, scammers will try to get you to click on a link or downloadable file. That download will install malware, spyware, and a host of other malicious content.
So, What Does A Phishing Email Scam Look Like?
We've provided an example for you below.
Name
Sally B. Luffs
Subject
COPYRIGHT INFRINGEMENT - yoursite.com is in violation
Phone
1 (800) 123-SCAM
S-photo-pro1645@gmail.com
Message
Hello!
My name is Sally, and I'm a pro photographer.
I have been made aware that your site is hosting pictures I photographed without credit or compensation. I need you to know that this is infringing on my copyright-protected I.P. You are violating my rights as defined in section 101 of U.S. code 17.
Please click the link below to view the copyrighted picture you're using at [insert recipient's site here].
https//:www.dontclickme.scam/
If you do not confirm that you've viewed the copyright and have removed the image or provided proof of purchase within 30 days, I will assume your actions are malicious.
I will immediately begin to seek the maximum amount of compensation as set in section 504 of the Digital Millennium Copyright Act of 1998 ($1,000,000 or 10 years of imprisonment).
This letter is an official, legal notice, and it will be treated as such in a court of law.
Sincerely,
Sally B. Luffs
These scams can LOOK real, but they all follow the same general formula.
That formula is as follows:
- An emotional callout. (I.e., I have been made aware that your site is hosting pictures that I took without credit or compensation)
- A link or a downloadable file. (This will usually be presented as information you absolutely NEED to read before responding)
- An authority-building claim. (I.e., section 504 of the Digital Millennium Copyright Act of 1998)
- A statement intended to scare you (I.e., $1,000,000 or 10 years of imprisonment)
- A closing declaration/threat. (I.e., This letter is an official, legal notice, and it will be treated as such in a court of law)
Why Am I Receiving Phishing Emails?
Scams of this nature are at an all-time high following the transition to remote work.
Personal computers lack the spyware protection of an office desktop. Additionally, your I.T. professional or tech security officer won't be close. Scammers have recognized a golden opportunity to take advantage of unsuspecting workers.
This is as true for business owners as it is for employees.
Trust us, you're not secure, even if you feel that way. Your email may have been leaked by another company, or it's not as protected as you think. We will discuss further down on how to protect yourself from these fraudulent swindlers.
How Do You Tell If An Email Is A Scam?
Check For Simple Things Like Grammar and Spelling Mistakes
If the email looks like a bot wrote it, delete it, flag it, or move on.
Another tell-tale sign is text that feels too general. If the email seems generic and it doesn't reference an article, webpage, or company/name, it wasn't meant for you specifically. Phishing emails get sent to anywhere between thousands and millions of people in mass mailing lists.
Question the Senders Appeals to Authority
Check the sender's sources. You may find out that they're misquoting a law (or making one up entirely).
For example, you'll notice that our sample phishing email didn't link out to anything. A more trustworthy legal communication would have linked directly to the sources they referenced. Look up section 504 and US article 17.
In our example, Sally B. Luffs got their information wrong. $1,000,000 isn't necessarily the right amount. $1,000,000 is simply the first result that pops up in section 504 after a quick ctrl+f of the dollar sign. We picked that number when we were writing up the example because it was large and scary for no other reason.
Scam artists love to make appeals to authority that aren't true.
Ignore Any Timeline an Email Gives You
In our example, the sender gave the recipient 30 days to respond or to take down the offending picture.
A timeline can make you panic and feel trapped. That's exactly how a scammer wants you to feel. You're more likely you are to make bad decisions when you feel rushed.
Is The Email Ultra Focused On You Clicking or Downloading?
Think About What the Scammer Wants. They want you to open the link they've given you.
Don't play their game.
In our example, Luffs doesn't allow you access to photos they're threatening to sue over. You HAVE to click the link they've provided.
That should be an immediate red flag. Why would clicking on a link matter? A genuine legal communication would provide various ways to reach the copyright holder.
If you're still worried, upload the pictures you use your site to Google's search bar to uncover any accidental copyright violations. If you have stolen content on accident, replace it and flag the suspicious email so Google knows it's spam.
Watch Out for Phishy Keywords
Words like "malicious" or "intentionally stole" are red flags. If a "legally binding" email assumes you're guilty, then it's likely a scam. (To be clear, we're using legally binding in the loosest way here.)
Scammers will do anything they can to make you feel isolated, wrong, or like you owe them something. Remember, you are not beholden to a random person emailing you at 3 A.M.
Look At the Email Address
Usually, a scam email produced by a bot will use a generic email (think "name12345@gmail.com").
An official person reaching out to you with a copyright strike would use an official email. If this mysterious photographer is threatening litigation, why wouldn't they use their business email?
Look At When the Email Was Sent
Any small detail can point to a scam email in your inbox.
Working people probably won't send emails at 3 A.M. A bot or a scammer might. If a threatening email appears in your inbox, view it with a healthy dose of skepticism.
If There's a Link, Don't Open It
Look at the link title or hover over it to see where it would send you. (Hovering your cursor over the hyperlink will display the full link in the bottom of your browser window.)
IF someone is claiming that you are using their picture, the link they send should be linking to your site. After all they're trying to give you "proof" of your theft. If the link leads somewhere else, that's a sure signs of bad intentions.
Regardless of the link, you should still never click. If you DO need to verify, we recommend reaching out using a number or email you've sourced independent of any emails.
Don't Get Hooked
When you receive an odd-looking email, check with others in your office before clicking any links or downloading any files.
Scammers can hide malicious spyware in the most innocent-looking places. We also recommend you scan any items you download with anti-virus or anti-malware software before opening or installing.
You can also use the survival-focused S.T.O.P. acronym to allow time to form a solution.
- Stop: calm down (take three deep breaths)
- Think: work out what matters in your current situation (in this case, not getting malware is your goal)
- Observe: look for anything suspicious in the email (see the list we made above)
- Plan: Ask around and figure out a course of action (this can be as simple as deleting the email)
Remember, the best protection you have is always research, critical thinking, and the experience of your office security manager and co-workers.
Let yourself off the hook. Take an extra second to look at suspicious emails.