Fake Copyright Infringement Warnings Used to Spread Ransomware
At Web Maniacs, we take Copyright VERY seriously.
We received an email this morning from our website claiming that we have used copyright-protected images and that the sender will now be suing the company.
In this email, the ‘person’ asked us to download their Google files to view the hyperlinks to their images. This can be incredibly scary, so most people will click the link. DO NOT OPEN THAT LINK.
The Findings
Techlicious.com had similar emails sent to them.
Here is what they had to say:
“In the version of the scam we received, the download is a .zip file containing a javascript (.js) file called “Copyright Infringement Evidence.js”. I ran the file through Virus Total and it came back as a backdoor trojan – identified as js.Trojan.Cryxos.5779 and JS/Kryptik.BXN – that can be used to install ransomware and other malicious programs. Only 8 of the 61 malware scanning engines in Virus Total picked this up (BitDefender, Emsisoft, eScan, ESET-NOD32, FireEye, GData, MAX, NANO-Antivirus), meaning it currently has a high chance of slipping through most antimalware protection.”
The Scam Email
Hi!
My name is Katie.
Your website or a website that your organization hosts is infringing on a copyrighted images owned by me personally.
Take a look at this official document with the hyperlinks to my images you utilized at webmaniacs.co.za and my earlier publications to obtain the evidence of my copyrights.
Download it right now and check this out for yourself:
(LINK REMOVED)
I do believe you’ve intentionally violated my rights under 17 U.S.C. Section 101 et seq. and could be liable for statutory damages as high as $110,000 as set forth in Sec. 504 (c)(2) of the Digital Millennium Copyright Act (DMCA) therein.
This message is official notice. I demand the elimination of the infringing materials described above. Please be aware as a service provider, the Digital Millennium Copyright Act requires you, to remove or disable access to the copyrighted content upon receipt of this particular notice. If you don’t cease the use of the above mentioned copyrighted materials a legal action will likely be initiated against you.
I have a good belief that utilization of the copyrighted materials mentioned above as presumably violating is not authorized by the legal copyright owner, its legal agent, or the laws.
I declare, under penalty of perjury, that the information in this message is accurate and that I am the legal copyright owner or am authorized to act on behalf of the proprietor of an exclusive and legal right that is presumably violated.
Regards,
Katie Smith
Detect a phishing email
1 - The message is sent from a public email domain
No legitimate organisation will send emails from an address that ends ‘@gmail.com’.
Not even Google.
Most organisations, except some small operations, will have their own email domain and company accounts. For example, legitimate emails from Google will read ‘@google.com’.
If the domain name (the bit after the @ symbol) matches the apparent sender of the email, the message is probably legitimate.
The best way to check an organisation’s domain name is to type the company’s name into a search engine.
This makes detecting phishing seem easy, but cyber criminals have plenty of tricks up their sleeves to deceive you.
Top tip: Look at the email address, not just the sender
Many of us don’t ever look at the email address that a message has come from.
Your inbox displays a name, like ‘IT Governance’, and the subject line. When you open the email, you already know (or think you know) who the message is from and jump straight into the content.
When crooks create their bogus email addresses, they often have the choice to select the display name, which doesn’t have to relate to the email address at all.
They can, therefore, use a bogus email address that will turn up in your inbox with the display name Google.
Reference: IT Governance
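The two sender checks above (public email domain, and a display name that does not match the address) can be automated at triage time. The following is an added example, not code from the original article or from IT Governance; the domain lists and the sample From headers in the test are constructed for illustration.

```python
from email.utils import parseaddr

# Assumption: short illustrative lists; a real deployment would maintain its own.
PUBLIC_MAIL_DOMAINS = {"gmail.com", "outlook.com", "hotmail.com", "yahoo.com"}
BRAND_DOMAINS = {"google": {"google.com"}, "netflix": {"netflix.com"}}


def under_domain(domain, expected):
    """True for the expected domain itself or one of its subdomains."""
    return domain == expected or domain.endswith("." + expected)


def sender_warnings(from_header):
    """Return a list of warnings for one From header value."""
    display, addr = parseaddr(from_header)
    if "@" not in addr:
        return ["no parseable sender address"]
    domain = addr.rsplit("@", 1)[1].lower()
    warnings = []
    # Tip 1: the message is sent from a public email domain.
    if domain in PUBLIC_MAIL_DOMAINS:
        warnings.append(f"sent from public email domain {domain}")
    # Top tip: the display name is free text chosen by the sender, so
    # compare the brand it claims against the real address domain.
    for brand, domains in BRAND_DOMAINS.items():
        claimed = brand in display.lower()
        if claimed and not any(under_domain(domain, d) for d in domains):
            warnings.append(
                f"display name mentions {brand} but address domain is {domain}"
            )
    return warnings
```

Note the suffix comparison in `under_domain`: an address domain that merely starts with the brand's domain is not treated as belonging to it.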
2 - The email is poorly written
You can often tell if an email is a scam if it contains poor spelling and grammar.
Many people will tell you that such errors are part of a ‘filtering system’ in which cybercriminals target only the most gullible people.
The theory is that, if someone ignores clues about the way the message is written, they’re less likely to pick up clues during the scammer’s endgame.
However, this only applies to outlandish schemes like the oft-mocked Nigerian prince scam, which you have to be incredibly naive to fall victim to.
That, and scams like it, are manually operated: once someone takes the bait, the scammer has to reply. As such, it benefits the crooks to make sure the pool of respondents contains only those who might believe the rest of the con.
But this doesn’t apply to phishing.
Reference: IT Governance
3 - It includes suspicious attachments or links
Phishing emails come in many forms. We’ve focused on emails in this article, but you might also get scam text messages, phone calls or social media posts.
But no matter how phishing emails are delivered, they all contain a payload. This will either be an infected attachment that you’re asked to download or a link to a bogus website.
The purpose of these payloads is to capture sensitive information, such as login credentials, credit card details, phone numbers and account numbers.
You can spot a suspicious link if the destination address doesn’t match the context of the rest of the email.
For example, if you receive an email from Netflix, you would expect the link to direct you towards an address that begins ‘netflix.com’.
Unfortunately, many legitimate and scam emails hide the destination address in a button, so it’s not immediately apparent where the link goes to.
To ensure you don’t fall for schemes like this, you must train yourself to check where links go before opening them.
Reference: IT Governance