New phishing scam uses fake copyright claims to infect victims’ machines

A newly detected phishing variant relies on sending fake copyright claims to remove content. If potential victims fall into the trap, it will trigger a malware infection that could compromise all files and systems on the affected device.

The report, prepared thanks to information obtained by stock image platform Peta Pixel, states that some of its members have received several emails similar to those of copyright claims, with only a few minimal differences from a legitimate notification, but that they are certainly decisive in concluding that this is a scam attempt.

Michael Zhang, a member of the Peta Pixel team, points out some of the features of these messages: “The message was written by an alleged photographer who claims that some images available on our platform belong to him and were placed without his permission, so he threatens to initiate legal copyright infringement proceedings; subsequently a link is displayed that supposedly redirects to images misused, in addition to a property certificate that must be downloaded.”

Zhang claims that this raised suspicions for Peta Pixel from the start, as the platform always makes sure that it has the right to use an image before publishing it, and that the team had never received a message before that used a threatening tone, so instead of downloading the attached document they decided to try to contact the sender: “We responded to the message although so far we have not received any response from the supposed photographer. Moreover, we continue to receive similar claims that include attachments and links to unknown websites, which makes it clear to us that this is an attempted scam.”

Cybersecurity specialists always recommend ignoring emails sent by unknown users or containing information too good to be true. However, this is a different approach that can fool even the most informed users, mainly because it includes the threat of future legal problems.

In this case, users who click on these requests will find a “Not Found” error message, indicating that the requested URL is not on the server.

In a related incident, photographer Nick Fancher contacted Peta Pixel to inform them that he had received a similar message informing him that his photographs were being used by similar websites without any rights. Fancher was also able to detect the attempted fraud and act on the situation.

To learn more about information security risks, malware variants, vulnerabilities and information technologies, feel free to access the International Institute of Cyber Security (IICS) website.