There is a new scam making its rounds, and it’s targeted towards companies and their websites. The email claims that the recipient is using a stolen copyrighted image but rather than identify the image, they try and get you to download a file instead.
Here’s the email of the Copyrighted Image Scam, we’ve seen this and several variants of it:
Hi,
This is Melanie and I am a licensed illustrator.
I was discouraged, frankly speaking, when I came across my images at your website. If you use a copyrighted image without my permission, you need to be aware that you could be sued by the copyright owner.
It’s illegal to use stolen images and it’s so disgusting!
Check out this document with the links to the images you used at xxxxxxxxxx.ca and my earlier publications to get evidence of my legal copyrights.
Download it now and check this out for yourself:
download-file.xls
If you don’t delete the images mentioned in the document above within the next several days, I’ll write a complaint on you to your hosting provider stating that my copyrights have been infringed and I am trying to protect my intellectual property.
And if it doesn’t work, you may be pretty damn sure I am going to report and sue you! And I will not bother myself to let you know of it in advance.
Here’s what you need to do if you’ve received the Copyrighted Image Scam:
- Do not click it or open it. Forward it to your IT team or simply delete it.
- If you have any doubts about the validity of images on your website, contact your web designer. Any professional designer will have used quality, professionally sourced images.
“Anyone reputable in the web design field will have already laid out where images will come from – whether supplied by the client, sourced exclusively for the site or pulled from a royalty-free source like Unsplash“, says Jamie Ross of Four Winds Design, a St. John’s based web design company.
Why is this happening now?
Since remote work has become more prevalent over the last couple of months, we’ve seen an uptick in phishing emails in all its forms being sent out to customers, staff, friends and acquaintances. Why? Because frankly, it’s easier to scam people when they’re not working within the secure network and firewalls of their office.
How to tell it’s a phishing email:
- Check the spelling – One obvious giveaway is bad spelling. Pay attention, if you see a lot of spelling errors, delete or send to IT to examine.
- Hover before you click – Phishers often try to conceal URLs leading to malware this way, so a good rule of thumb is to always hover over hyperlinks in emails before you click them. This will reveal the true destination of the URL, no matter what the linked text says.
- Be suspicious of generic greetings – Any messages addressed generically, especially ones regarding financial transactions, are suspicious.
- Be wary of attachments – In all circumstances: unexpected attachments should not be opened. The risk is simply not worth it.
- Don’t be intimidated –Phishing email attempts will often seek an emotional response from the recipient using inflammatory or threatening language. Other examples include emails claiming to be from a bank or even a law enforcement agency threatening account closure or arrest if immediate action is not taken.
Check out our other Cyber Awareness blog posts, learn more about our Cyber Liability Protection, or drop us a line if you’ve got any questions.
Contact
"*" indicates required fields
With thanks to our partners at Wedgwood Insurance and Trufla Technology for the amended blog content.
