This is a classic phishing scheme - the malicious actor wants the unsuspecting victim who receives the email to click on the link which goes to a Google Drive hosted file that if clicked can create serious vulnerabilities in the victim's device and/or network.
July 13, 2021 - EDITOR'S NOTE - The bot appears to have switched from ng using Google Drive links to Firebase links. Please report the links to Google using this form. Copy and paste (without clicking) the malicious URL and indicate in your report that it was from an email received from your Website's contact form. Maybe with enough reports we can get Google to start sniffing these exploits out before they keep spreading more malware!
The malicious actor is pretending to be a "Professional Photographer" or "Licensed Photographer" and going by the name "Mel" or "Melinda" with variations on the last name is using different fake email addresses and providing different fake phone numbers (generally with a '718' area code).
Once the recipient clicks the link it will take them to a file download that will allow the hacker to seize control of the user's device. The hacker will then be able to hold the user's device hostage and demand a ransom or exploit access to the users' system leading to further damage, compromised accounts, or injection of worms (viruses that infect the host machine and use it to launch attacks on others).
Take a look at two almost identical messages sent through two completely different Website Contact Forms powered by iPlasmaCMS2, Insercorp's proprietary Web Content Management System:
-----Original Message-----
From: REDACTED <[email protected]>
Sent: Monday, June 15, 2020 4:05 AM
To: REDACTED <REDACTED>
Subject: REDACTED Location Contact Form
iPlasmaCMS Location Contact Form Message Generated on June 15, 2020
Name: Mel
Email Address: [email protected]
Phone Number: 17185795917
Preferred Contact Method: PhoneComments
Hello there!
This is Melinda and I am a licensed photographer.
I was discouraged, frankly speaking, when I came across my images at your website. If you use a copyrighted image without my approval, you must be aware that you could be sued by the copyrigh owner.
It's illicitly to use stolen images and it's so disgusting!
Take a look at this document with the links to my images you used at REDACTED and my earlier publications to obtain evidence of my copyrights.
Download it right now and check this out for yourself:
<REDACTED>
If you don't remove the images mentioned in the document above within the next several days, I'll write a complaint against you to your hosting provider stating that my copyrights have been infringed and I am trying to protect my intellectual property.
And if it doesn't work, you may be pretty damn sure I am going to report and sue you! And I will not bother myself to let you know of it in advance.
The hacker is trying to scare unsuspecting victims into clicking a link (which we have removed to prevent our readers from accidentally clicking it). Now take a look at another report we received from a completely different client later in the same day:
-----Original Message-----
From: REDACTED <[email protected]>
Sent: Monday, June 15, 2020 10:45 PM
To: REDACTED <REDACTED>
Subject: General Contact Form Message from REDACTEDGeneral Contact Form Message
Generated on June 15, 2020
First Name: Mel
Last Name: Pursley
Title: You have no any rights to use my images for REDACTED without my consent! It's illegal! It violates my rights! You must delete them NOW!!!!!
Company: Me photographer
Email Address: [email protected]
Phone Number: 17188033311
Preferred Contact Method: Phone
Comments
Hello,
This is Melynda and I am a professional photographer.
I was confused, frankly speaking, when I came across my images at your web-site. If you use a copyrighted image without my consent, you need to be aware that you could be sued by the copyright holder.
It's against law to use stolen images and it's so filthy!
Take a look at this document with the links to my images you used at REDACTED and my earlier publications to obtain evidence of my legal copyrights.
Download it right now and check this out for yourself:
<REDACTED>
If you don't remove the images mentioned in the document above within the next few days, I'll write a complaint against you to your hosting provider stating that my copyrights have been infringed and I am trying to protect my intellectual property.
And if it doesn't work, you may be pretty damn sure I am going to report and sue you! And I will not bother myself to let you know of it in advance.
Notice how the text of the messages are almost identical in every instance, with specific words substituted to prevent spam detection, such as replacing "licensed" with "professional", "against the law" with "illicitly", "disgusting" with "filthy".
After receiving multiple reports in the last 24 hours from iPlasmaCMS2 Users we wanted to share this information to alert our Clients and raise awareness about this latest phishing scheme.
Safe browsing!
Subscribe to the RSS Feed
Made in the U.S.A.