WordPress Users Need to Watch Out for Fake Copyright Infringement Warnings

WordPress Users Need to Watch Out for Fake Copyright Infringement Warnings

[ad_1]

Techlicious editors independently review products. To help support our mission, we may earn affiliate commissions from links contained on this page.

Site owners who use WordPress need to be aware of a new technique that scammers are using to phish for WordPress login credentials: fake copyright and trademark infringement notices. If you or an employee fall for this attack, your entire site could fall into the hands of scammers who may use your site to spread malware or force you to pay a ransom to regain access.

The scam begins when the scammers send the website a notice via email or through the website’s contact system with some legal-ish sounding language claiming that material on the site is infringing their copyright to images or other content. In order to see details of the alleged infringement, the site owner is directed to a “dashboard” on a WordPress.com hosted site. Once there, the website owner will be presented with a form asking them to log in using their WordPress login credentials. Of course, there is no infringement dashboard, and if you fill in the form you have just given scammers the information they need to take over your site.

We’ve received a couple of notes from readers who have been targeted in recent days by this scam. Here is a typical example of the scam copyright email:

From: Rebecca Wilhoite <[redacted]@hotmail.com>
Subject: Lawful notice of Copyright Breach

Message Body:
Hello.

Your site ([redacted]) or a site that your business hosts is infringing on copyright-protected images owned by myself.

The wordpress official copyrights dashboard can be found at:

https://wordpress.com/typo/?[redacted]

Find out your wordpress copyrights dashboard with the links to my images you used and my earlier works to get the proof of my copyrights.

I believe you have willfully illegally acted upon my rights under 17 U.S.C. Section 101 et seq. and could be held liable for statutory damages as high as $740,000 as set forth in Section 504(c)(2) of the Digital Millennium Copyright Act (”DMCA”) therein.

This letter is official notification. I request the removal of the infringing material referenced above. Please take note as a service provider, the Digital Millennium Copyright Act requires you, to delete or disable access to the infringing materials upon receipt of this e-mail. If you do not stop the use of the aforementioned copyrighted material a lawsuit will be commenced against you.

I have a good faith belief that use of the copyrighted materials described above as allegedly infringing is not authorized by the copyright owner, its agent, or the law.

I swear, under penalty of perjury, that the information in the notification is accurate and that I am the copyright owner or am authorized to act on behalf of the owner of an exclusive right that is allegedly infringed.

Regards.
Rebecca Wilhoite

And a similar version alleging trademark violation:

Edwina Brier Brier

Email

Comment or Message

Hi.

Your site (my url) or a site that your company owns is breaking on trademark-protected content owned by myself.

The wordpress official trademark dashboard can be found at:

https://[redacted].wordpress.com/

Check out your wordpress trademarks dashboard with the links to my media you used and my aforementioned works to get the evidence of my trademarks.

I believe you have willfully broken my rights under 17 U.S.C. Section 101 et seq. and could be liable for statutory damages as high as $520,000 as set forth in Section 504(c)(2) of the Digital Millennium Copyright Act (“DMCA”) therein.

This letter is legal notification. I request the removal of the infringing media referenced above. Please take note as a service provider, the Digital Millennium Copyright Act requires you, to remove or disable access to the infringing media upon receipt of this letter. If you do not cease the use of the aforementioned copyrighted material a lawsuit will be commenced against you.

I have a good faith belief that use of the trademarked materials described above as allegedly infringing is not authorized by the trademark owner, its agent, or the law.

I swear, under penalty of perjury, that the information in the notification is accurate and that I am the copyright owner or am authorized to act on behalf of the owner of an exclusive right that is allegedly infringed.

Regards.

Edwina Brier

[redacted]@hotmail.com

The scam works very similarly to a copyright scam I reported on back in May, 2021 that used similar fake copyright infringement notices to trick website owners into downloading ransomware. So whether your site is built on WordPress or not, please make sure everyone in your company is aware that this attack vector is being used for various types of malware and phishing attacks. And if you have examples of similar messages you’ve received, please post them in the comments below so others can discover them if they are searching on this topic.

[Image credit: WordPress app on iPhone via Techlicious/Smartmockups]

Josh Kirschner is the co-founder of Techlicious and has been covering consumer tech for more than a decade. Before founding Techlicious, he was the Chief Marketing Officer for Inform Technologies, a start-up provider of semantic technology to media companies. Prior to Inform, Josh was a SVP and Managing Director in the financial services industry. Josh started his first company while still in college, a consumer electronics retailer focused on students.



[ad_2]

Source link