Do you have a website? Yes? Well, be careful if you receive an email with a copyright infringement notice as it could be part of a new phishing scam targeting website owners.
Businesses have been receiving emails letting them know they have infringed on intellectual property with a link to click through for more information. When you click the link, depending on the browser, you will be notified the link is directing you to a download for dangerous malware. If your browser for some reason does not have this, your computer or device could be taken over by the sender of the email.
But how do you know if the infringement notice is legitimate or part of this scam? If you’ve had a website built by Localsearch, you can be confident no images have been used to breach copyright. Whether this is you or not, read the below to know what to do if you receive one of these scam emails, how to prevent getting one and more.
6 April 2021: Phishing Scam Targeting Website Owners with Copyright Infringement Notice
In March 2021, website owners began reporting having received an email advising them they had breached copyright for an image used on their website. The email contains a link to see the image, which if clicked, will take them through to a page the browser will block for containing harmful malware.
If the browser does not stop you and you do not have current antivirus software, your computer would be infected and susceptible to hackers. This is not ideal, particularly if you run a business as it could make any data you hold, including customer information, prime for the picking.
Website owners can minimise their chances of receiving email phishing scams by having code implemented on forms blocking mass form submissions, but there is no way to stop manual entries.
What is a phishing scam?
Scamwatch defines a phishing scam as:
“Attempts by scammers to trick you into giving out personal information such as your bank account numbers, passwords and credit card numbers.”
A phishing scam works by someone contacting you by phone, email or social media pretending to be a legitimate body, such as a utility provider, financial institution or government agency, in an attempt to gain personal information. They will generally ask you to confirm your identity by telling them your full name, date of birth, credit card number or by clicking through to a link leading to harmful content. They then use this information to use your identity, log into your bank accounts, hold accounts ransom for payment, infect your computer and a host of other fraudulent activities.
A more targeted type of phishing scam is a whaling or spear phishing scam, where they have gained information about you from a third-party (potentially having scammed them). This makes their claim look more legitimate, therefore making you more likely to comply and fall victim.
How to protect yourself against a phishing scam attack.
There is no way to stop being contacted by a phishing scam, but you can reduce the chances of it happening on your website, and protect yourself if you do.
1. Protect forms on your website from mass submissions.
Speak to your website developer about adding a script for preventing mass form submissions on your website. They may implement a captcha, where a code has to be replicated before someone can submit a form, a paid plug-in which checks the submitter’s details against a database or what’s called a honeypot.
A honeypot is a field added to the form users can’t see, but a bot can fill in. When the field is filled in, the form rejects the submission
None of these options will stop someone from manually contacting you.
2. Keep your antivirus software up to date.
Antivirus software helps protect your computer from infections, like malware, but they can also scan and remove it too. However, for your antivirus software to be working, you need to keep it up to date. This may mean renewing your licence, but it’s worth it for peace of mind while searching and shopping online.
3. Call back personal-information requests.
If a service provider, bank or other business with your information requests any information from you, let them know you can’t speak at that time and will call them back. Then, search for the business’s main number online and contact them directly. They should have records of who is trying to reach you and regarding what if it’s a legitimate call.
4. Verify email addresses.
The same as calling the business if you suspect a scam, always check the email address is valid. Most businesses will not request information like ID or credit card details over email, so if they’re asking for this, call the business or agency using their main number, not one provided in the email.
5. Confirm who you’re giving your information to online.
There are many fake profiles on social media for big corporations, using fake competitions as a trick to get your information. Remember, if something sounds too good to be true, it most likely is. But, you should always check their official social media pages to be sure.
What to do if you believe you’ve been contacted by a phishing scam.
1. Do not click on any links or attachments.
Clicking on any links or opening attachments will make you vulnerable to computer viruses and hackers. It’s best to avoid opening unexpected documents or links, particularly if you do not know the person. If you do know the person but are not expecting anything from them, contact them to confirm it’s intended for you and they haven’t been imitated.
2. Contact the real business, agency or person.
If you believe you’ve been contacted by someone imitating a business, government person, service provider or similar, get in touch with them. This not only verifies who you were speaking with and their intent, but if it wasn’t who you thought it was, it lets them know someone is falsely using their name, for which they may be able to take action.
3. Change your passwords.
Keeper Security recommends updating your passwords every 60 to 90 days to help ensure anyone who may have your password who shouldn’t can’t access your personal information. Remember, keep your passwords unique for each platform and a mix of uppercase and lowercase letters, numbers and symbols.
4. Run a scan on your antivirus software.
Stuff happens. You’re not paying attention and click on a link. One of the kids opens an attachment when you’re not looking. You think a link is sent from a friend.
Regardless if you believe you have opened malicious content, Windows Central recommends running a scam watch every week to keep an eye on things and protect your safety online.
Report any scam activity to ScamWatch. The ScamWatch program is run by the ACCC, and collects and distributes data around active scams in Australia. This information is often published on their website as warnings to help others who may be searching for potential scams online.
What to do if you receive an infringement notice by email.
What is a copyright infringement notice?
A copyright infringement notice is notification of a breach of the Australian Copyright Act 1968. Copyright is a type of intellectual property, protecting original, material creative work, such as writing, drawings, illustrations, blueprints, music, etc.
Under Australian Law, you cannot register for copyright. However, according to the Copyright Agency, certain forms of expressions receive automatic copyright, such as images, music and text. So, this means, if you are using someone else’s imagery or content online, you do need to credit and source them. Not doing so may lead you to receive a copyright notice.
What to do if you have breached copyright.
Again, if you have built a website with Localsearch, we ensure any photos used on your website are either those you have sent us and declared as your own or free to use licensed.
The first action someone will generally take if you have breached copyright is sending a cease and desist letter. If you receive such a letter and have used someone else’s photo or content without their permission without sourcing, remove the material immediately. In the letter, you should find a date of when you need to do this if you need to contact your developer first, which if you cannot meet, you should contact the person or their legal representation immediately.
Not meeting the deadline for removing copyrighted material with no communication to the other party may result in further action.
If you need legal advice, you can find your local lawyer on localsearch.com.au.
What to do if someone is using your content without permission?
If you have found evidence of someone using your writing, images, music or other copyrighted material online without consent or sourcing, contact your legal representation immediately. What they suggest will depend on the matter, but may include issuing a cease and desist for removal of the content.
Disclaimer: This article is for general informational purposes only and does not replace professional legal advice or counsel. Localsearch nor the author are liable for any misuse of the content outlined in this article. Please contact your legal representative for information specific to you.