You're Stealing Copyright Images On Your MSP Website
Cybercriminals are devising more creative ways to trap potential victims, the latest being a phishing scam email tricking recipients into clicking on a malicious link. This link redirects to a Google Drive doc that could potentially create serious vulnerabilities in the hot's device or network. The attacker can then exploit these vulnerabilities to blackmail the recipient or steal their information.
"You are stealing copyright images on our MSP website."
The phishing email doing the rounds comes from an impersonator claiming to work for MSP as a professional or licensed photographer going by Mel or Melinda's name, with various variations of the last name. The email threatens recipients with legal action if they don't delete images supposedly stolen from MSP.
The sender then directs the recipient to a link containing the images in question and warns them to delete them within the "next several days" or face legal action for copyright infringement. The link takes the recipient to a document on Google Drive.
There are variations of the same email, but the message is the same: you are stealing copyright images on our MSP website. The hacker also uses strong language to prompt immediate action from unsuspecting recipients.
What makes this email a phishing scam?
If you receive this email, you may easily think it's genuine. But a close look will reveal several hallmarks of a phishing scam. Here are some tell-tale signs this email is a scam:
The email address and website do not look genuine.
Phishing emails always have phony-looking email addresses and websites. The hacker claims to be representing a known company, but the email bears a personal email address that appears to be hastily crafted. This attacker claims to be speaking on behalf of a company but uses a personal email address to send out emails.
Another common trick is adding a few characters to domain names of genuine websites to pass for an authentic source. For instance, an email asking you to click on www.google.google to confirm your details would be suspicious.
The email is poorly written.
Another hallmark of a suspicious email is the wording. Scam emails often contain spelling and grammar errors because they are designed to fool the most gullible individuals. It is unclear whether such errors are deliberate or otherwise, but we know that companies take great care to craft their emails before sending them.
One of the emails received from this hacker says: "it's illicitly to use stolen images.." Most phishing email scams contain glaring spelling and grammar errors, and this email falls into this category. The next time you receive mail with such errors, be careful how you handle it.
Suspicious attachment or link
You may not easily tell a genuine email from a fake one, but you should run fast if it contains a suspicious attachment or link. The links often contain forms that require you to fill in your sensitive information, such as login credentials. The hacker then collects such information and uses it to steal your identity.
In the email making rounds, the hacker asks recipients to click on a link to see the photos supposedly stolen from MSP so they can delete them. But the link does not take you to the MSP site. Instead, it opens a file on Google Drive. This should ring an alarm bell because genuine links should always take you directly to the original website.
Some of the phishing emails you will receive, that is, if you haven't received them before, contain attachments that require you to download to your device. These attachments could contain malware, which infects your system the moment you download them. The hacker can also manipulate your devices through the malware and hold you at ransom.
A message designed to make you panic
Hackers often want you to panic so you can provide sensitive information or click on suspicious links without thinking. This email threatens legal action if the recipient does not click on the provided link immediately to take action.
They attempt to achieve this state by invoking an irrational sense of urgency. For instance, this email gives readers "the next few days" or "the next several days" to take action or face dire consequences. To drive the message home, this email contains several aspects of strong language. The scammer says they were "shocked" and that "it's so filthy" to use stolen images.
What's the way forward?
Phishing scams are not about to disappear mysteriously. Cybercriminals are getting more creative in their search for new victims. Their messages may not even go to your spam folder, as you would expect. Fortunately, there is always something you can do to avoid falling into their traps. Do the following if you receive a suspicious email:
- Don't open any attachment or click on a link: Open the mail, read its contents but refrain from clicking on links baited with a false sense of urgency. If you think the attachment is genuine, scan it first before downloading.
- Take a good look at the sender's email: The email address would be the first tell-tale sign: personal, yet the sender claims to be representing a company.
- Don't panic: If the email threatens legal action, or attempts to cause you to fear the unknown, take a deep breath and ignore it.
- Keep your sensitive information safe: Refrain from filling your credentials into online forms or links attached to emails. Your bank won't ask you to confirm your logins online, and neither will any other institution worth its salt. If an email asks you to confirm your details, it's safe to ignore it.
- Take your time: The hacker hopes you will be in too much hurry not to act rationally. They will urge you to download or click "now!" or even add a ticking clock "hurry before the offer expires!"
Phishing emails are common. Hackers look for new ways to trap their victims. But with the right information, you can identify such emails and safely disregard them. Contact us if you need more information on how to safeguard your information systems.