Here at MX Police, we’re seeing a recent bout of spam pretending to represent a cease and desist letter for copyright infringement. The email, signed by a “Senior Legal Advisor,” accuses the recipient of illegally reproducing a certain website’s content without permission. The email goes on to make three demands:
1. remove all infringing content and notify us in writing that you have done so;
2. pay a licensing fee in the amount of 160,000 USD;
3. immediately cease the use and distribution of copyrighted material;
The email is filled with spelling, grammar, capitalization, and punctuation errors. It reads in several parts as if a non-native English speaker wrote it. This is a classic giveaway that an email is spam. Of course, it’s even more absurd considering the email is supposedly an official legal communication.
More specifically, the email betrays itself as spam with its obvious omissions. It fails to name the infringing website. The letter also neglects to identify particular content, either on the infringing site or on the site from which it was allegedly stolen. Such details would be included in a real copyright infringement takedown notice.
Then there’s the ridiculous demand for $160,000. While parties whose content is illegally reproduced are often entitled to monetary compensation, it certainly doesn’t amount to that much. Perhaps the spammers believe they can scare people enough with the threat of legal action into paying to make the problem go away, but it seems a more modest sum might have more luck.
The most amusing part of the spam is its sign-off:
Senior Legal Advisor,
Because we’ve all gotten legal documents from attorneys signed “Yours faithfully” at some point. Or perhaps this is a sign of kinder, gentler corporate legal departments to come.
The website where the stolen content supposedly came from was already shut down by the time of this writing. There was undoubtedly another angle to the scam besides trying to score a quick $160,000. The site was probably set up for a phishing ploy. It may also have been a launching point for malware infection. Regardless, this seems like a good opportunity to review some basics of spam safety.
Never follow any link in an unsolicited email. You cannot trust such links to go where they appear to go or do what they claim to do. When visiting websites, type the URL into your browser’s address bar. Similarly, never open an attachment in an unsolicited email. Opening and executing attachments in spam is the best way to infect your computer and network with malicious files.
Reputable companies don’t ask for sensitive information, such as passwords, account numbers, or credit card numbers, via email. If you are unsure whether an email is legitimate, contact the apparent sender for confirmation. Don’t do this by replying to the message, of course. The best way to verify is over the phone, or by writing to a different, official email address.
If there’s no reason to believe there is any urgency, just ignore the email. If it is legitimate, you will receive a follow-up, either by email or by phone. Such a follow-up typically references previous attempts to contact you. While spam may be re-sent, it duplicates or closely resembles prior messages. However, be aware that some spam feigns urgency with non-specific mention of previous failed attempts to contact you. It usually insists that if the current attempt is unsuccessful, an account will be closed, you will be fined, or some other dire consequence awaits.
The best rule is to always err on the side of caution when dealing with spam. With anywhere from 80 to 90 percent of all global email traffic being spam at any given time, the odds are quite good that anything that doesn’t seem entirely right isn’t.
Posted in: Spam