Request a Quote

Thank you for reaching out to us! Please fill out and submit the form below and we will get back to you as soon as we are able to. Existing clients may Contact Us online or submit a Support Request.

Your Contact Information

What Services are you interested in?

Project Schedule

Additional Information

Phishing Advisory: Beware of Fake Email from "A Professional Photographer" claiming Copyright Infringement
Jun 16,
2020
Phishing Advisory: Beware of Fake Email from
We have received several reports of a malicious website visitor filling out contact forms on iPlasmaCMS2 Websites from a person named "Mel" claiming your website is using their images and that you must "delete them NOW".

Do NOT click on the link!

This is a classic phishing scheme - the malicious actor wants the unsuspecting victim who receives the email to click on the link which goes to a Google Drive hosted file that if clicked can create serious vulnerabilities in the victim's device and/or network.

UPDATES:

July 13, 2021 - EDITOR'S NOTE - The bot appears to have switched from ng using Google Drive links to Firebase links. Please report the links to Google using this form. Copy and paste (without clicking) the malicious URL and indicate in your report that it was from an email received from your Website's contact form.  Maybe with enough reports we can get Google to start sniffing these exploits out before they keep spreading more malware!

JUNE 29, 2020:  It is confirmed that this script is also targeting Forms on WordPress websites as well.  Thank you to the users who have contributed to this scam alert in our User Comments!

Ransomware Scheme Specifically Targeting iPlasmaCMS2 Website Administrators

The malicious actor is pretending to be a "Professional Photographer" or "Licensed Photographer" and going by the name "Mel" or "Melinda" with variations on the last name is using different fake email addresses and providing different fake phone numbers (generally with a '718' area code).

Once the recipient clicks the link it will take them to a file download that will allow the hacker to seize control of the user's device.  The hacker will then be able to hold the user's device hostage and demand a ransom or exploit access to the users' system leading to further damage, compromised accounts, or injection of worms (viruses that infect the host machine and use it to launch attacks on others).

Take a look at two almost identical messages sent through two completely different Website Contact Forms powered by iPlasmaCMS2, Insercorp's proprietary Web Content Management System:

-----Original Message-----
From: REDACTED <noreply@REDACTED>
Sent: Monday, June 15, 2020 4:05 AM
To: REDACTED <REDACTED>
Subject: REDACTED Location Contact Form

iPlasmaCMS Location Contact Form Message Generated on June 15, 2020
Name: Mel
Email Address: [email protected]
Phone Number: 17185795917
Preferred Contact Method: Phone

Comments
Hello there!

This is Melinda and I am a licensed photographer.

I was discouraged, frankly speaking, when I came across my images at your website. If you use a copyrighted image without my approval, you must be aware that you could be sued by the copyrigh owner.

It's illicitly to use stolen images and it's so disgusting!

Take a look at this document with the links to my images you used at REDACTED and my earlier publications to obtain evidence of my copyrights.

Download it right now and check this out for yourself:

<REDACTED>

If you don't remove the images mentioned in the document above within the next several days, I'll write a complaint against you to your hosting provider stating that my copyrights have been infringed and I am trying to protect my intellectual property.

And if it doesn't work, you may be pretty damn sure I am going to report and sue you! And I will not bother myself to let you know of it in advance.

The hacker is trying to scare unsuspecting victims into clicking a link (which we have removed to prevent our readers from accidentally clicking it).  Now take a look at another report we received from a completely different client later in the same day:

-----Original Message-----
From: REDACTED <noreply@REDACTED>
Sent: Monday, June 15, 2020 10:45 PM
To: REDACTED <REDACTED>
Subject: General Contact Form Message from REDACTED

General Contact Form Message
Generated on June 15, 2020

First Name: Mel
Last Name: Pursley
Title: You have no any rights to use my images for REDACTED without my consent! It's illegal! It violates my rights! You must delete them NOW!!!!!
Company: Me photographer
Email Address: [email protected]
Phone Number: 17188033311
Preferred Contact Method: Phone

Comments
Hello,

This is Melynda and I am a professional photographer.

I was confused, frankly speaking, when I came across my images at your web-site. If you use a copyrighted image without my consent, you need to be aware that you could be sued by the copyright holder.

It's against law to use stolen images and it's so filthy!

Take a look at this document with the links to my images you used at REDACTED and my earlier publications to obtain evidence of my legal copyrights.

Download it right now and check this out for yourself:

<REDACTED>

If you don't remove the images mentioned in the document above within the next few days, I'll write a complaint against you to your hosting provider stating that my copyrights have been infringed and I am trying to protect my intellectual property.

And if it doesn't work, you may be pretty damn sure I am going to report and sue you! And I will not bother myself to let you know of it in advance.

Notice how the text of the messages are almost identical in every instance, with specific words substituted to prevent spam detection, such as replacing "licensed" with "professional", "against the law" with "illicitly", "disgusting" with "filthy".

After receiving multiple reports in the last 24 hours from iPlasmaCMS2 Users we wanted to share this information to alert our Clients and raise awareness about this latest phishing scheme.

Safe browsing!

 

Tim Bradshaw
Founder & CEO
Tim Bradshaw is the Founder and CEO of Insercorp LTD.
Leave a Comment!

Comments

Your comment has been successfully submitted and will be posted when reviewed and approved.
User Comments
Google Icon
Youtube Icon
Linkedin Icon
Pinterest Icon
Instagram Icon
Contact Icon