For the past few weeks, my clients have been asking me about this spam email going around. They’re all getting basically the same email, and it makes them understandably nervous. First, let’s look at what they received recently, then we’ll talk a bit about spam email in general.
Spam Email About Copyrighted Images
There seem to be a few different variations, but they all say something like this:
This is Melisha and I am a certified photographer.
I was confused, frankly speaking, when I came across my images at your
website. If you use a copyrighted image without my permission, you should
know that you could be sued by the copyright owner.
It’s illicitly to use stolen images and it’s so mean!
Take a look at this document with the links to my images you used at
(the client’s website address) and my earlier publications to get evidence of my
Download it now and check this out for yourself:
If you don’t delete the images mentioned in the document above within the
next several days, I’ll write a complaint against you to your hosting
provider stating that my copyrights have been infringed and I am trying to
protect my intellectual property.
And if it doesn’t work, you may be pretty (bleep) sure I am going to report and
sue you! And I will not bother myself to let you know of it in advance.
Sometimes the malicious actor calls herself Melinda, Michele, Mallory, or another similar name. She might identify herself as an experienced illustrator, graphic designer, or a photographer. Sometimes the language varies a bit. In some letters, she says using someone else’s photos is “so nasty,” or “so disgusting.” That inflammatory language is meant to get your attention.
When my clients have received this email, some of them have forwarded it to me because at first, they felt insulted, then that voice at the back of their head wouldn’t stop bugging them until they double-checked. They were 99 percent sure none of the images on their website were stolen, but they sure didn’t want to risk the possibility of getting sued.
What Mel Really Wants
The phishing email attempts to create fear so you’ll click on the link to see what she’s talking about. It implies you’ll see the image in question, but you’re really taken to a Google Drive hosted file that can cause serious vulnerabilities in your computer or network.
Don’t click the link. The hacker at the other end could take control of your device, compromise accounts, hijack your website, or inject malicious code. Good job to our clients who were smart enough to spot a scam and stay away from clicking the link.
Other Email Scams to Watch Out For
Fraudsters send spam through email contact forms because business owners want to hear from people interested in their company. Messages sent that way are less likely to get caught in spam filters and more likely to get opened. Over the years, we’ve seen multiple variations of these types of scams.
The scam email says something like, “I’m Michael at BestSEOCompany.com. I did a scan of your website and found 432 critical errors. I can help you rank higher on Google and get you loads of backlinks.”
SEO is a process that takes time, effort, and investment. It’s like when you buy a car – you can have it fast, cheap, or reliable, but not all three. The scammer wants you to sign up for a service that isn’t in your best interests. And, if we built your website, they’re misleading you about the errors.
Domain Registration Scams
Clients also receive emails that basically say, “We’re a company that offers domain registration, and we noticed someone recently tried to register your domain name as their own. Can you verify whether or not you are dealing with them by providing the following information…”
Other domain registration scams look like they came from your domain registrar and include an invoice with a notice your domain is expiring. We handle this for clients, but if you handle your own domain registration, you can log in to your account from the registrar’s website to see expiration dates and renewal fees.
“Google Reps” Scam Email
Google doesn’t send unsolicited messages or make phone calls to ask you for passwords or other account information. If you’re not sure whether Google might be trying to contact you, don’t give out sensitive information until you’ve checked if it’s actually Google. You can also use this form to report suspicious activity.
Signs an Email is Fake
The FTC says Americans lose more than $57 million a year over phishing scams. Put a note in your brain that these should be red flags that make you proceed with caution:
- They look like they’re from a company you know and trust, but there are misspellings, or the company name is slightly off.
- The email says there’s been suspicious activity, so they need you to confirm login, account, or payment information.
- The greeting is generic.
- They say you won something you didn’t sign up for.
- They include attachments you didn’t expect or ask you to click a link you’re not sure about.
- Language triggers fear, uncertainty, or threatens to embarrass you.
We’re always happy to visit with clients when they have concerns about website or email security. Feel free to contact us to find out more about our approach to online security.