With more people working from home than ever this past year, we've seen a marked increase in the prevalence of phishing emails. Some scammers are even targeting business owners with emails using scare tactics that include threats to litigate and fear-mongering legal jargon.
How Can I Tell That I've Received a Phishing Email?
- Look at the email of the sender – If they are not a verified source such as a stock image website or the hosting/domain company that you work with, avoid opening any links. If you're unsure of who hosts your domain, visit whois.com to verify this information.
- Check the spelling & grammar in the email – It's common for scammers to use improper spelling, lack of punctuation, and awkwardly worded phrases. Proceed with caution if the email presents any of these issues.
- Don’t click on links without hovering – Hover over any links in the email to ensure that you are linking to a legitimate site. If the preview on hover does not look correct, avoid clicking on the link.
- Is the sender asking for money? – If a sender is asking for money from an unknown payment portal or untrustworthy site, it is likely a phishing attempt.
If you're ever unsure about an email and its legitimacy, forward the email to your IT team for verification. Read on to see examples of common phishing emails targeting business owners that are circulating in 2021.
'Unauthorized Image Use on Website' Email
This common phishing attempt typically comes from a ‘photographer’ or ‘illustrator’ stating that the recipient is using a stolen copyrighted image. In most cases we've seen, they send a link to download a file instead of identifying the image that is infringing on their rights.
We’ve seen many variants of the email going around – please note, the below is an example:
This is [NAME] and I am a licensed photographer.
I was baffled, frankly speaking, when I found my images at your website. If you use a copyrighted image without an owner's consent, you should know that you could be sued by the owner.
It's unlawful to use stolen images and it's so low!
Here is this document with the links to my images you used at [your website URL] and my earlier publications to obtain the evidence of my ownership.
Download it now and check this out for yourself:
[Malicious link to download]
If you don't get rid of the images mentioned in the document above within the next couple of days, I'll file a complaint against you to your hosting provider letting them know that my copyrights have been severely infringed and I am trying to protect my intellectual property.
And if it doesn't work, for damn sure I am going to take legal action against you! And I won't give you a prior notice again.
Email with Complicated Legal Jargon
Another common phishing email uses complicated legalese as a fearmongering attempt. The message will likely include a notice to pay or settle, with a large amount of money requested. See below an attempt from a scammer to collect $150,000 from a business owner.
I believe you have willfully infringed my rights under 17 U.S.C. Section 101 et seq. and could be liable for statutory damages as high as $150,000 as set forth in Section 504(c)(2) of the Digital Millennium Copyright Act (”DMCA”) therein. This letter is official notification.
I seek the removal of the infringing material referenced above. Please take note as a service provider, the Digital Millennium Copyright Act requires you, to remove or disable access to the infringing materials upon receipt of this notice. If you do not cease the use of the aforementioned copyrighted material a lawsuit will be commenced against you.
'Renewal of Website Domain' Email
Another prevalent scam email is the demand for payment in reference to renewing website domains. Please note that if you get a message about renewal for your domain, it will be directly from the domain registrar where you purchased your URL (examples: GoDaddy, SiteGround, etc.). Read on to see an example of this phishing attempt.
YOUR IMMEDIATE ATTENTION TO THIS MESSAGE IS ABSOLUTELY NECESSARY! YOUR DOMAIN [Website Domain URL] WILL BE TERMINATED WITHIN 24 HOURS
We have not received your payment for the renewal of your domain [Website Domain URL] We have made several attempts to reach you by phone, to inform you regarding the TERMINATION of your domain [Website Domain URL]
CLICK HERE FOR SECURE ONLINE PAYMENT:
[Payment Portal Link]
IF WE DO NOT RECEIVE YOUR PAYMENT WITHIN 24 HOURS, YOUR DOMAIN [Website Domain URL] WILL BE TERMINATED CLICK HERE FOR SECURE ONLINE PAYMENT:
[Payment Portal Link]
The submission notification [Website Domain URL] will EXPIRE WITHIN 24 HOURS after reception of this email
If you ever have doubts about an email and its legitimacy, forward it to your IT team or marketing company for verification. Even if you have a strong security system, it takes only one click to give away the data you’ve worked so hard to protect. If you have any further questions about protecting your company from phishing attempts, contact JET Advertising at (630) 782-8100.