Site owners who use WordPress need to be aware of a new technique that scammers are using to phish for WordPress login credentials: fake copyright and trademark infringement notices. If you or an employee falls for this attack, your entire site could end up in the hands of scammers who may use it to spread malware or force you to pay a ransom to regain access.
The scam begins when the scammers send the site owner a notice, via email or through the website’s contact system, with legal-sounding language claiming that material on the site infringes their copyright in images or other content. To see details of the alleged infringement, the site owner is directed to a “dashboard” on a WordPress.com-hosted site. Once there, the website owner is presented with a form asking them to log in using their WordPress login credentials. Of course, there is no infringement dashboard, and if you fill in the form you have just given scammers the information they need to take over your site.
Here is a typical example of the scam copyright email:
Subject: Lawful notice of Copyright Breach
Message Body:
Hello.
Your site ([redacted]) or a site that your business hosts is infringing on copyright-protected images owned by myself.
The wordpress official copyrights dashboard can be found at:
https://wordpress.com/typo/?[redacted]
Find out your wordpress copyrights dashboard with the links to my images you used and my earlier works to get the proof of my copyrights.
I believe you have willfully illegally acted upon my rights under 17 U.S.C. Section 101 et seq. and could be held liable for statutory damages as high as $740,000 as set forth in Section 504(c)(2) of the Digital Millennium Copyright Act (”DMCA”) therein.
This letter is official notification. I request the removal of the infringing material referenced above. Please take note as a service provider, the Digital Millennium Copyright Act requires you, to delete or disable access to the infringing materials upon receipt of this e-mail. If you do not stop the use of the aforementioned copyrighted material a lawsuit will be commenced against you.
I have a good faith belief that use of the copyrighted materials described above as allegedly infringing is not authorized by the copyright owner, its agent, or the law.
I swear, under penalty of perjury, that the information in the notification is accurate and that I am the copyright owner or am authorized to act on behalf of the owner of an exclusive right that is allegedly infringed.
Regards.
XXXXXXX
Scammers use similar fake copyright infringement notices to trick website owners into downloading ransomware. So whether your site is built on WordPress or not, please make sure everyone in your company is aware that this attack vector is being used for various types of malware and phishing attacks. And if you have examples of similar messages you’ve received, please post them in the comments below so others can discover them if they are searching on this topic.
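A triage heuristic for the kind of notice shown above, as an added example that is not part of the original article: it holds contact-form or email messages that combine infringement wording with a link to any host other than your own site. The phrase list, the function names, the sample message and the `example.org` domain are assumptions for illustration.

```python
import re
from urllib.parse import urlsplit

# Wording drawn from the sample notice above; extend it with notices you receive.
LEGAL_PHRASES = ("copyright", "dmca", "17 u.s.c", "infring", "statutory damages")
URL_RE = re.compile(r"https?://[^\s<>\"')]+", re.IGNORECASE)

# Constructed sample modelled on the notice above (link target is a placeholder).
SAMPLE_SUBJECT = "Lawful notice of Copyright Breach"
SAMPLE_BODY = (
    "Your site is infringing on copyright-protected images owned by myself.\n"
    "The wordpress official copyrights dashboard can be found at:\n"
    "https://wordpress.com/typo/?id=PLACEHOLDER\n"
    "You could be held liable for statutory damages under the DMCA."
)

def linked_hosts(text):
    """Return the lowercase hostname of every http(s) link in the text."""
    hosts = []
    for url in URL_RE.findall(text):
        try:
            host = urlsplit(url).hostname
        except ValueError:  # malformed URL, e.g. unbalanced IPv6 brackets
            continue
        if host:
            hosts.append(host.lower().rstrip("."))
    return hosts

def is_own_host(host, own_domain):
    """True if host is the site's domain or one of its subdomains."""
    own = own_domain.lower().rstrip(".")
    return host == own or host.endswith("." + own)

def triage(subject, body, own_domain):
    """Hold messages that pair infringement language with an off-site link."""
    text = f"{subject}\n{body}".lower()
    phrases = [p for p in LEGAL_PHRASES if p in text]
    offsite = sorted({h for h in linked_hosts(body) if not is_own_host(h, own_domain)})
    verdict = "hold_for_review" if len(phrases) >= 2 and offsite else "deliver"
    return {"verdict": verdict, "phrases": phrases, "offsite_hosts": offsite}

if __name__ == "__main__":
    print(triage(SAMPLE_SUBJECT, SAMPLE_BODY, "example.org"))
```

A held message is a prompt for a person to look before anyone clicks, not proof of fraud; the only place to enter your WordPress credentials is the login page you reach by typing your own site's address.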
This was originally posted by Techlicious.