Copyright Phishing Scam

Today I received this message through my contact form:

Name: John

Email: JohnBowles@xero.com

Message:

Hello,

Your website or a website that your organization hosts is violating the
copyrighted images owned by our company (xero Inc.).

Take a look at this report with the hyperlinks to our images you utilized at
www.warrentoda.com and our previous publication to find the proof of our
copyrights.

Download it now and check this out for yourself:

https://storage.googleapis.com/ . . .[redacted] . . .

I do think that you deliberately violated our legal rights under 17 U.S.C. Sec.
101 et seq. and could be liable for statutory damage as high as $150,000 as set
forth in Sec. 504 (c)(2) of the Digital Millennium Copyright Act (”DMCA”)
therein.

This letter is official notification. I seek the removal of the infringing
materials described above. Take note as a service provider, the DMCA requires
you to eliminate and/or disable access to the infringing content upon receipt of
this letter. If you do not stop the utilization of the aforementioned
copyrighted materials a law suit can be started against you.

I do have a strong faith belief that utilization of the copyrighted materials
referenced above as presumably infringing is not authorized by the copyright
owner, its agent, or the law.

I declare, under consequence of perjury, that the information in this
notification is accurate and hereby affirm that I am permitted to act on behalf
of the owner of an exclusive right that is presumably infringed.

Very truly yours,
John Bowles
Legal Officer
xero, Inc.

xero.com

12/06/2021


The message looks reasonably legit and you should not ignore any such copyright claims.

But after a bit more thought:

• I know I have absolutely no photos from this company.

• A legal claim would not use a contact form because there would be no record of it. They would use email or maybe even postal mail. FYI: using a contact form helps evade spam filters.

• Why would they ask me to download something rather than just include links to the photos on my site? After all, this is the required procedure. Also “previous publication” is not proof of copyright ownership.

• The wording is wrong. A lawyer would never speak or write like that. It’s too generic, it’s too casual in some places, and the last few paragraphs are stated incorrectly.

• A web search shows that many others have received the same or similar message through their contact forms over the past several months. ( Here, here, here, here and many more.)

You might think to use an online email validator to check the sender’s email address and use a URL scanner to verify the provided link. But these are unreliable. I can create fake email addresses that will appear valid, and valid email addresses that will appear invalid. URL scanners and link validators can’t detect what might be downloaded.

If you receive a similar message through your contact form or by email, give it a quick read then delete it. Do not click on any links. Presumably the download includes a virus, malware or even ransomware.

 

Copyright Phishing Scam
Tags:         

Leave a Reply

Your email address will not be published. Required fields are marked *

All comments are moderated. Please be patient.

css.php