One of my clients called me last week. He was concerned about an email that he received from a “photographer named Mel” that accused him of using images without permission. The email threatened to report him to his hosting company for copyright infringement and to even sue if the images were not removed. The email included a link where you could see the exact images that were used and proof that they were the photographer’s images.
This was a malicious phishing email.
Copyright Bullying Scam
I always insist that clients only use properly obtained stock photos, or photos they or someone that they have hired have taken. Copyright infringement is a real thing and can leave you with a big bill if you’re caught. Getty Images was notorious for sending out demands for payment for as much as $3000 if they found you using one of their images. Add in the possibility of your hosting company pulling down your website for a DMCA violation, and you can see why this scam is so effective.
“Mel’s” email is different. First, it’s an email rather than a letter, and it was sent through the contact form on the website instead of directly to the website’s owner. When you read it closely, you can see things that suggest it is fraudulent. Clunky language and an improperly formatted phone number were some of the clues.
I googled some of the phrases used and immediately found that there are many versions of this letter floating around the internet. I was able to call the client and provide him some relief.
Reset Your Instagram Account
A few days ago, I received this text message regarding my own business Instagram account:
“Tap to reset your Instagram password: http://ig.me/###########”
I was a little suspicious because I didn’t request a password reset. I went to the account and I had access, so I was even more suspicious.
So back to the Googletron I go, and once again this is a common phishing scam. Once you click the link, you are asked to enter your credentials. Once you enter your username and password, you are redirected to the real Instagram sign-on screen, but by then you have given the fraudster your username and password.
Business Instagram users are particularly susceptible to this attack because we actually want people to reach out and contact us. We include our phone numbers as part of our profile. This doesn’t mean you should stop being accessible; it means that you need to be vigilant when it comes to unsolicited contacts.
You may ask, “Why would they want my Instagram account?” In “stealth” mode, a hacker will monitor your account, then begin sending messages to your contacts asking them to provide personal information. Since they have control of your account, it’s easy for them to “un-send” and delete the outgoing messages. In “takeover” mode, they simply take over your account to phish your followers, or just sell the account to someone else if you have a large number of followers.
Domain Expiration Scam
This one is a little different because it’s an actual paper letter. The letter states that your domain is expiring and that it’s urgent to renew it now. It looks official, so to avoid losing your domain, you send them a check.
What you may not have realized is that it is an offer to transfer your domain to a new registrar at a highly inflated price of up to 10x the market rate. A quick way to check is to see whether the letter mentions the words “solicitation,” “proposal” or “offer.” They include words like these to avoid being charged with mail fraud. The letter may also offer inclusion in their SEO directory as a benefit. For these fraudsters, it’s worth the price of a stamp for a 100:1 payback.
How to Protect Yourself
First, the most important thing when you receive any of these unsolicited contacts is DON’T CLICK THE LINK. This is true for any unexpected email or text. At best, you may get a virus; at worst, it could mean your identity gets stolen and your bank account gets drained. Clicking on strange links could cause you to get hit with a ransomware attack where all of your data (including your clients’ information and family photos) is encrypted until you pay the crooks.
Second, google it. Many of these scams have been around for some time. Do an online search to see if this is a common fraud scheme. Most times it’s quickly apparent that the message is fraudulent.
Third, protect your personal information. While it’s impossible to hide everything, you can control what information gets out. One step that I recommend is to take advantage of the privacy or proxy services your domain registrar offers. Many of these services are free and they hide your name, address and phone number associated with your domain registration. If your domain registrar charges for privacy services, I recommend using Namecheap, which offers the service for free.
Last, if you have any doubts, give me a call or send me an email. We can review it together and take any action necessary. It’s always best to err on the side of caution and it only takes a few minutes to avoid a big loss.