This is a classic phishing scheme - the malicious actor wants the unsuspecting victim who receives the email to click a link to a file hosted on Google Drive that, if clicked, can create serious vulnerabilities in the victim's device and/or network.
July 13, 2021 - EDITOR'S NOTE - The bot appears to have switched from using Google Drive links to Firebase links. Please report the links to Google using this form. Copy and paste (without clicking) the malicious URL and indicate in your report that it was from an email received from your Website's contact form. Maybe with enough reports we can get Google to start sniffing these exploits out before they keep spreading more malware!
The malicious actor pretends to be a "Professional Photographer" or "Licensed Photographer", goes by the name "Mel" or "Melinda" with variations on the last name, and uses different fake email addresses and different fake phone numbers (generally with a '718' area code).
Once the recipient clicks the link, it takes them to a file download that will allow the hacker to seize control of the user's device. The hacker will then be able to hold the user's device hostage and demand a ransom, or exploit access to the user's system, leading to further damage, compromised accounts, or injection of worms (viruses that infect the host machine and use it to launch attacks on others).
Take a look at two almost identical messages sent through two completely different Website Contact Forms powered by iPlasmaCMS2, Insercorp's proprietary Web Content Management System:
-----Original Message-----
From: REDACTED <noreply@REDACTED>
Sent: Monday, June 15, 2020 4:05 AM
To: REDACTED <REDACTED>
Subject: REDACTED Location Contact Form
iPlasmaCMS Location Contact Form Message Generated on June 15, 2020
Name: Mel
Email Address: Melphotographer985@aol.com
Phone Number: 17185795917
Preferred Contact Method: Phone
Comments
Hello there!
This is Melinda and I am a licensed photographer.
I was discouraged, frankly speaking, when I came across my images at your website. If you use a copyrighted image without my approval, you must be aware that you could be sued by the copyrigh owner.
It's illicitly to use stolen images and it's so disgusting!
Take a look at this document with the links to my images you used at REDACTED and my earlier publications to obtain evidence of my copyrights.
Download it right now and check this out for yourself:
<REDACTED>
If you don't remove the images mentioned in the document above within the next several days, I'll write a complaint against you to your hosting provider stating that my copyrights have been infringed and I am trying to protect my intellectual property.
And if it doesn't work, you may be pretty damn sure I am going to report and sue you! And I will not bother myself to let you know of it in advance.
The hacker is trying to scare unsuspecting victims into clicking a link (which we have removed to prevent our readers from accidentally clicking it). Now take a look at another report we received from a completely different client later in the same day:
-----Original Message-----
From: REDACTED <noreply@REDACTED>
Sent: Monday, June 15, 2020 10:45 PM
To: REDACTED <REDACTED>
Subject: General Contact Form Message from REDACTED
General Contact Form Message Generated on June 15, 2020
First Name: Mel
Last Name: Pursley
Title: You have no any rights to use my images for REDACTED without my consent! It's illegal! It violates my rights! You must delete them NOW!!!!!
Company: Me photographer
Email Address: Menikon972@aol.com
Phone Number: 17188033311
Preferred Contact Method: Phone
Comments
Hello,
This is Melynda and I am a professional photographer.
I was confused, frankly speaking, when I came across my images at your web-site. If you use a copyrighted image without my consent, you need to be aware that you could be sued by the copyright holder.
It's against law to use stolen images and it's so filthy!
Take a look at this document with the links to my images you used at REDACTED and my earlier publications to obtain evidence of my legal copyrights.
Download it right now and check this out for yourself:
<REDACTED>
If you don't remove the images mentioned in the document above within the next few days, I'll write a complaint against you to your hosting provider stating that my copyrights have been infringed and I am trying to protect my intellectual property.
And if it doesn't work, you may be pretty damn sure I am going to report and sue you! And I will not bother myself to let you know of it in advance.
Notice how the text of the messages is almost identical in every instance, with specific words substituted to prevent spam detection, such as replacing "licensed" with "professional", "against the law" with "illicitly", "disgusting" with "filthy".
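Because only single words change between copies, word-level sequence matching still recognises a variant. The following is an added example, not part of the original article or of iPlasmaCMS2: it compares a contact-form submission against the first quoted message and checks for links to the file hosts mentioned above. The function names, the 0.6 threshold, the hold-on-either-signal policy and the placeholder link are assumptions.

```python
import re
from difflib import SequenceMatcher
from urllib.parse import urlparse

# Body of the first message quoted in the article (typos kept as received).
KNOWN_TEMPLATE = (
    "This is Melinda and I am a licensed photographer. I was discouraged, "
    "frankly speaking, when I came across my images at your website. If you "
    "use a copyrighted image without my approval, you must be aware that you "
    "could be sued by the copyrigh owner. It's illicitly to use stolen images "
    "and it's so disgusting! Download it right now and check this out for yourself:"
)
# Body of the second quoted message; the link is a constructed placeholder.
VARIANT = (
    "This is Melynda and I am a professional photographer. I was confused, "
    "frankly speaking, when I came across my images at your web-site. If you "
    "use a copyrighted image without my consent, you need to be aware that you "
    "could be sued by the copyright holder. It's against law to use stolen images "
    "and it's so filthy! Download it right now and check this out for yourself: "
    "https://firebasestorage.googleapis.com/v0/b/EXAMPLE-BUCKET/o/EXAMPLE-FILE"
)
BENIGN = ("Hello, I would like to book a table for six on Friday evening. "
          "Is there parking near the restaurant? Please call me back tomorrow.")  # constructed
# Hosts for the two services the article names (Google Drive, Firebase).
FILE_HOSTS = {"drive.google.com", "firebasestorage.googleapis.com"}

def words(text):
    """Lower-case word tokens with URLs removed; hyphens split words."""
    return re.findall(r"[a-z']+", re.sub(r"https?://\S+", " ", text.lower()))

def template_similarity(text, template=KNOWN_TEMPLATE):
    """Word-level similarity in [0, 1] that survives single-word swaps."""
    matcher = SequenceMatcher(None, words(template), words(text), autojunk=False)
    return matcher.ratio()

def file_host_links(text):
    """Hosts of URLs in the text that belong to FILE_HOSTS."""
    hosts = {urlparse(u).hostname for u in re.findall(r"https?://[^\s<>\"]+", text)}
    return sorted(hosts & FILE_HOSTS)

def triage(text, threshold=0.6):
    """Hold a submission that resembles the template or links to a file host."""
    score, hosts = template_similarity(text), file_host_links(text)
    return {"similarity": round(score, 2), "file_hosts": hosts,
            "hold": score >= threshold or bool(hosts)}

if __name__ == "__main__":
    print(triage(VARIANT), triage(BENIGN))
```

Held submissions can be routed to a review queue instead of the recipient's inbox, so the link is never one click away from the person the message is meant to scare.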
After receiving multiple reports in the last 24 hours from iPlasmaCMS2 Users we wanted to share this information to alert our Clients and raise awareness about this latest phishing scheme.
Safe browsing!
Wow! Lots of great information. Unfortunately, I’m really not that tech savvy. I started a blog on blogspot (address is above). I’ve tried to promote it and even started a facebook page. But, I’m going nowhere. My husband and I are on a fixed income, so paying others is something that really can’t be done. I want to be able to connect with other bloggers. I’ve been adding their blinkies, so maybe that would help? Anyway, thank you for the information.
I have received emails from differently named people that I have violated the copyright images owned by them. How do I stop receiving these emails?
Thanks
I get soooo many of these....very tiring. Thank you!
I just received this scam email:
Please read it below:
My name is Hannah.
Your website or a website that your company hosts is infringing on a copyright protected images owned by myself.
Take a look at this report with the URLs to my images you utilized at preciousstonesusa.com and my earlier publications to get the evidence of my copyrights.
Download it now and check this out for yourself:
<REDACTED>
I believe that you intentionally infringed my legal rights under 17 USC Sec. 101 et seq. and could be liable for statutory damage of up to $110,000 as set forth in Sec. 504 (c) (2) of the Digital millennium copyright act (DMCA) therein.
This message is official notification. I seek the elimination of the infringing materials referenced above. Please be aware as a company, the Digital Millennium Copyright Act requires you, to remove or disable access to the copyrighted materials upon receipt of this letter. If you do not stop the utilization of the aforementioned infringing content a legal action will be commenced against you.
I do have a good self-belief that use of the copyrighted materials mentioned above as presumably violating is not approved by the copyright proprietor, its agent, or the laws.
I swear, under penalty of perjury, that the information in this notification is correct and that I am currently the copyright proprietor or am certified to act on behalf of the owner of an exclusive right that is allegedly infringed.
Sincerely,
Hannah Marie
08/09/2021
Name: Hannah
Email: Mariepix716@gmail.com
Phone: [your-phone]
City: [your-city]
Zip Code:[your-zip-code]
It was my first time receiving this kind of mail from someone named Linda Turner. I was so scared but at the same time confused coz I really don't remember infringing documents or whatever. Dang!!!!! even click the url. dang!!!! I feel better when I read this article though but these people huh! tried replying it but says mail wasn't sent coz address isn't found!
Grrrrrrrrr...... LINDA TURNER!!!!! BOOOOOOOOOOOOOO!
We've just had the same using a firebase link from someone called Jennifer West. Exactly the same as the example posted by Beth. Didn't click - did report it!
Mine was Francis! hahahaa
My name is Francis.
Your website or a website that your company hosts is violating the copyright
protected images owned by myself.
Take a look at this report with the hyperlinks to my images you used at
xxxxxxxxxxxx and my previous publications to get the
proof of my copyrights.
Download it right now and check this out for yourself:
https://firebasestorage.googleapis.com/v0/b/storage-729af.appspot.com/o/files<REDACTED>
I do believe that you intentionally violated my legal rights under 17 U.S.C.
Section 101 et seq. and could possibly be liable for statutory damages of up to
$110,000 as set-forth in Section 504 (c) (2) of the Digital millennium copyright
act (DMCA) therein.
This letter is official notice. I seek the removal of the infringing materials
mentioned above. Take note as a company, the DMCA demands you, to remove or/and
deactivate access to the copyrighted materials upon receipt of this letter. If
you do not cease the utilization of the previously mentioned infringing content a
legal action will likely be commenced against you.
I have a good self-belief that utilization of the copyrighted materials described
above as allegedly infringing is not permitted by the legal copyright owner, its
agent, or the legislation.
I swear, under penalty of perjury, that the information in this message is
accurate and that I am the legal copyright owner or am permitted to act on behalf
of the owner of an exclusive and legal right that is allegedly violated.
Best regards,
Francis Delgado
07/12/2021
Hello,
I received this message in my inbox today - name Candy Sanchez was the person saying I have violated their image copyright. I clicked on the link. How can I determine if my computer has been compromised?
I got one on my work email, a college based email at that, from "Emiliano Padovesi." This person is an actual person (from what I can tell) so the scammers are making a step up and picking people who have Facebook or other social media accounts. Be careful if you use public social media, and if possible, set them to private so that it will be harder for these people to steal your info to use in their scams.