A scammer using the name “Mel” (“Mellie” in one case and “Melina” in the other) is filling out contact forms on millions of websites and very aggressively claiming copyright infringement.
The email arrives via your website contact form and accuses you of using copyrighted website images and asks you to click on a link to see the list of the images that are in violation. (DON’T CLICK THE LINK.) The writer threatens to file a complaint with your hosting company and sue you.
The first scam phishing email is:
This is “NAME CHANGES REGULARLY” and I am a qualified illustrator.
I was baffled, frankly speaking, when I came across my images at your website. If you use a copyrighted image without my approval, you need to be aware that you could be sued by the owner.
It’s illegal to use stolen images and it’s so nasty!
Take a look at this document with the links to my images you used at [website URL] and my earlier publications to obtain evidence of my copyrights.
Download it now and check this out for yourself:
[Redacted link to the phishing site]
If you don’t delete the images mentioned in the document above within the next several days, I’ll write a complaint against you to your hosting provider stating that my copyrights have been infringed and I am trying to protect my intellectual property.
And if it doesn’t work, you may be pretty damn sure I am going to report and sue you! And I will not bother myself to let you know of it in advance.
How to Spot a Phishing Email
- Emails from @aol, @hotmail, @gmail, @yahoo, or @outlook addresses (not a professional company email address)
- Awkward Grammar: Look for awkward grammar and word usage, such as “It’s unlawfully!” in this case.
- Check Spelling: Bad spelling is also another red flag.
- Hover Over a Link to See the True URL (but NEVER click it): Phishing scams will try to hide the true URL to which the link leads. When you hover, you can see the true destination of the URL, regardless of what the link says.
- Be Suspicious of Unsolicited Attachments: Never click on or download an unsolicited, unexpected, or unusual attachment. Always be suspicious of this.
- Don’t Let Them Intimidate You: Phishing email attempts frequently try to elicit an emotional response from you by using inflammatory or threatening language such as the threat to sue you and file a complaint with your host in this example. Another common tactic is to threaten that an account has been suspended or that you have committed a crime or are in violation of an agreement. Always be suspicious and take a beat before acting on any communication that uses threats.
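For site owners who want to apply these checks to contact-form submissions automatically, here is an added example (not from the original article) that flags the free-mail sender, the threatening language, and links whose visible text names a different host than the real destination. It assumes submissions arrive as HTML; the `triage` function, the word lists, and the sample hosts are hypothetical.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Red flags from the checklist above; the word lists are illustrative assumptions.
FREEMAIL = {"aol.com", "hotmail.com", "gmail.com", "yahoo.com", "outlook.com"}
THREATS = re.compile(r"\b(sue[ds]?|complaint|hosting provider|copyrights?|infring\w+)\b", re.I)
HOSTLIKE = re.compile(r"(?:https?://)?((?:[a-z0-9-]+\.)+[a-z]{2,})", re.I)

class LinkCollector(HTMLParser):
    """Collect (href, visible text) pairs for every <a> element."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def triage(sender, html_body):
    """Return the red flags found in one contact-form submission."""
    flags = []
    if sender.rsplit("@", 1)[-1].lower() in FREEMAIL:
        flags.append("freemail-sender")
    if len({m.lower() for m in THREATS.findall(html_body)}) >= 2:
        flags.append("threat-language")
    parser = LinkCollector()
    parser.feed(html_body)
    for href, text in parser.links:
        real = (urlparse(href).hostname or "").lower()
        shown = HOSTLIKE.search(text)
        if shown and real and shown.group(1).lower() != real:
            flags.append(f"link-mismatch:{real}")  # text names a different host
        elif real:
            flags.append(f"unsolicited-link:{real}")
    return flags

# Constructed sample modelled on the message quoted above; hosts are placeholders.
SAMPLE = ('I am a qualified illustrator. You could be sued by the owner. Download it: '
          '<a href="https://files.example.net/doc">https://drive.example.com/evidence</a> '
          'or I will write a complaint to your hosting provider.')

print(triage("mel@gmail.com", SAMPLE))
```

A message that trips several flags at once is a candidate for quarantine and manual review rather than automatic deletion, since legitimate senders also use free-mail addresses.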
WHAT TO DO IF YOU CLICKED THE LINKS...
After researching the topic, the consensus is to take the following steps if you accidentally clicked on a phishing link:
1. This goes without saying, but do not enter any information.
Clicked on a phishing link but did not enter details?
Unfortunately, a phishing site can perform double duty and may act to both download a malicious file as well as prompt you to enter details. To be on the safe side, you may want to assume something may have been downloaded and take the precautions listed below.
Clicked on a phishing link on an iPhone or iPad?
iPhones and iPads are generally perceived to be less vulnerable to malware because of iOS.
2. Disconnect from the internet immediately.
This is to isolate your machine from infecting other devices and to cut off access to your machine from the hacker. This may help contain the malware infection.
If you are on a wired connection, unplug. If you are on a Wi-Fi connection, disconnect from the Wi-Fi in settings.
3. Back up everything on your device.
It’s important to back up everything immediately so that you don’t lose any of your files in the process. If you’ve been infected with ransomware, having a backup of your files will prevent the hacker from having the power to demand a ransom for you to get your files back. Also, the process of removing malware can cause data loss, so having a backup ensures you have a copy of your files.
4. Scan your system for malware.
If you have anti-virus software on your device already, run it to scan your system. Follow the prompts to remove any suspicious files found.
If you don’t have a tool for this already on the device, it’s important NOT to connect to the internet to download one…you need to keep the device isolated and offline. You can download a malware scanning tool to a thumb drive using a different device and install it on the quarantined machine via the thumb drive.
Consider bringing your device to a professional if you aren’t sure about how to run a malware scan. Malwarebytes, Avast, F-Secure, and Kaspersky all have free and paid options. This is especially necessary if you are working on a PC.
5. Change your login credentials.
Change your login credentials to different accounts and websites such as your email accounts, banking websites, and social media websites. It’s a good idea to change your passwords periodically anyway, but this will help protect you if any of your logins were compromised.