Have you ever “borrowed” an image off the Internet to use on a website (or post anywhere else)? You are not alone. As early as 2013, the Pew Research Center found that nearly 50% of Internet users download and repost images they find online. Unfortunately, cyberattackers know that too, and they are using this common activity to their advantage.
Phishing Your Guilty Conscience
This scam, which has been classified as phishing,* preys on two common human attributes – gullibility and guilt. It notifies the recipient that the sender has identified images on a company or personal website that are the copyrighted property of the sender. It also threatens them with a lawsuit or other punitive action for using them. It further offers them a link to review the images they purportedly stole. It often comes nested inside a formatted box, like the one shown here, rather than as a traditional email. Should the recipient click the link, malware will infect their computer.
Carmichael Consulting Solutions recommends that all business owners inform their personnel about this scam and use this opportunity to remind them how to recognize a phishing attack. Common signs are:
- Odd misspellings or typos
- Unknown or nonsensical addresses or phone numbers
- A person with whom you are not familiar – even if they have a company, vendor or partner title and/or signature – asking you to click a link
What You and Your Company Need to Do
- If anyone receives such an email, they should not respond, but they should also not delete it. They should bring it to the attention of their manager for further evaluation.
- Company management should consult with the firm’s webmaster or marketing agency to confirm the organization has permission to use all of the images on the company website, as well as any other public Internet sites including LinkedIn and Facebook pages.
- Most importantly for the future of your firm, scams like this are a reminder of the importance of having effective system safeguards in place. Such an event affords a perfect opportunity to ensure up-to-date security solutions such as antivirus and anti-malware are protecting all computing equipment, from servers and desktops to mobile devices.
If there is any chance your organization does not have fully patched systems with robust antivirus and anti-malware solutions running, we invite you to give us a call. By answering a few simple questions, we can determine whether you would benefit from a security evaluation. To get started, call us at 678-719-9671 (choose extension 1) or email firstname.lastname@example.org.
*Phishing is broadly defined as a computer-based attempt to incent a user to perform an action that will cause them or their systems harm. It usually comes via a spoofed email address that looks real, contains a message that appears to be from a reputable source, and includes a link that enables the sender to perform a detrimental activity, such as accessing the user’s computer to install malware.