Carbon Creative recently become aware of a new type of phishing scam, after one of our clients received a fraudulent form submission.
Currently, there's a phishing scam circulating around the web where a scammer fills out a form on your website, claiming copyright infringement. We have received at least one on our website (as of writing this) and have had a couple of clients receive similar emails as well.
We decided to write a blog post to inform you of the scam, and hopefully help you avoid a potential disaster.
The scam in question has existed for several years, but recently resurfaced and has started targeting contact forms for websites built on WordPress, or in our case, Webflow. You might get an email via your website's contact form that accuses you of copyright infringement, specifically the usage of copyrighted images on your website. It then asks you to click a link to view the copyrighted images.
After asking you to click the link, the writer threatens to file a complaint with your hosting company and proceeds to threaten to take it to court.
How to recognize the scam:
Most often, the sender will use the name "Mel," or some variation containing it. Some examples include:
- ...and more names containing "Mel"
While they frequently pose as a "professional photographer," some other professions include:
- Professional photographer
- Professional photographer and illustrator
- Licensed photographer
- Experienced photographer or illustrator
- Qualified illustrator
What's the goal of this email?
As you might be able to tell by looking at the way the email is worded, its goal is to get you emotional, scare you, and rush you into clicking the link, which will take you to another website or download a malicious file allowing a hacker to gain control of your device. After that, the hacker could hold your information hostage and demand a ransom for it, gain access to your other accounts, or inject viruses that can infect your machine and/or spread to your contacts' devices.
What should I do about this email?
Don't click any links. Delete the email, or ignore it. It's important to not let the scammer intimidate you. Often times, cyber criminals will try to invoke an emotional response out of you by using strongly worded language, such as threatening to take you to court. Some other tactics might include telling you that your "account has been suspended" or that you've committed some type of crime or violation.
It's prudent to always have a small degree of skepticism or suspicion when scrutinizing emails or contact form submissions sent to you, especially those that use threats.
For Carbon Creative Clients:
Everything we use on your website, from photos to videos to audio, are sourced from highly reputable royalty-free media websites like Unsplash or Pexels, or our own licensed Shutterstock account. Rest assured, there are no illegal materials or multimedia on your websites. We also source images from our clients, so you are responsible for ensuring that you have the necessary copyrights to use the images provided to us.
If you ever come across a questionable or suspicious email and would like it scrutinized, feel free to forward the email or send a screenshot to your account manager at Carbon Creative. We will verify the email for you and let you know where to go from there.