Sophos News

Copyright scammers turn to phone numbers instead of web links

Copyright scams aren’t new – we’ve written about them many times in recent years.

These scammers often target your Facebook or Instagram account, fraudulently claiming that someone has registered a complaint about content that you’ve posted, such as a photo, and telling you that you need to resolve the issue in order to avoid getting locked out of your account.

The problem with copyright infringement notices is that if they’re genuine, they can’t just be ignored, because social media sites are obliged to try to resolve meaningful copyright complaints when they’re received.

To discourage bogus complaints and reduce harassment – and if you are a content producer or influencer yourself, with an active blog, video or social media account, you will probably have had many well-meaning but ill-informed complaints in your time – sites such as Facebook, Instagram, Twitter and the like don’t put the complainant directly in touch with you.

The process usually goes something like this:

In either case, assuming that the service provider considers the case resolved, it’s then closed without the complainant getting to contact you directly, and without you needing to deal directly with the complainant in return.

Ignore at your peril

The idea behind this sort of resolution procedure is obvious.

It avoids lawsuits and protracted (and often expensive) legal wrangling; it maintains the privacy of the alleged infringer and protects them from harassment by aggressive complainants; and it typically leads to the speedy and effective resolution of genuine copyright issues.

Of course, the flip-side of this approach is that, because it’s intended to resolve the issue quickly without recourse to lawyers and court hearings, it depends upon a prompt and meaningful response.

In other words, if you ignore the complaint, then the service provider will typically resolve it in favour of the complainant, perhaps by blocking access to the offending post or article unilaterally, or deleting it entirely.

Depending on the nature of the alleged infringement, or on how many times you’ve infringed before, the service may also decide to suspend your account temporarily, or even lock you out of your account altogether until you negotiate your way back in.

Grist to the cybercrime mill

As you can imagine, this type of interaction is ripe for abuse by phishing scammers.

Whether they’re sending you fake emails or instant messages, crooks know that you know that copyright infringements can’t just be ignored, because doing so could end up with you getting locked out of your account.

And if you’ve ever been locked out of a social media account, you’ll know what a palaver it can be to get back in again, not least because you first have to prove to the service provider concerned that you really are the original account holder, which often involves back-and-forth negotiation involving scanned IDs and other personal documents.

So, the crooks figure that many people are more inclined to “click the link” in a copyright infringement notice than in an email pretending to be from their bank or their email provider.

Of course, in many of these scams, the first step is to take you to a fake login page for the service concerned, and ask you to log in. (We’ve even seen scams of this sort that ask for the current 2FA login code from your authenticator app, thus greatly reducing your security by pretending to take it seriously.)

https://nakedsecurity.sophos.com/2020/10/27/facebook-copyright-violation-tries-to-get-past-2fa-dont-fall-for-it/

The call is free!

Well, this weekend we received a fake DMCA (Digital Millennium Copyright Act – the US law that covers infringements of this sort) “complaint” that took a slightly different approach.

The email was simply written (though fortunately with a few typographical mistakes that we hope you would spot as early warning signs), and offered a link to let you see the original complaint:

Interestingly, the “Read the full text” button goes to a legitimate website in Europe, but instead of presenting a fake login page or other content that would set cybersecurity alarm bells ringing, the crooks apparently deliberately chose a URL that didn’t exist on a site that was otherwise unexceptionable.

So all you see is:

Note that you probably won’t get a warning from your web filter or your DNS provider at this point about a risky site or a dangerous domain name, because the site itself doesn’t serve up any fraudulent content implanted by the crooks.

In this case, the crooks are deliberately avoiding using a “call to action” link that leads to a fake login page or an unlikely domain name, which could easily be blocked by cybersecurity products or even by your browser.

They’ve copied a trick that tech support scammers have been using for years, and that some ransomware scammers have recently adopted, namely giving you a toll-free phone number to call for “help”.

https://nakedsecurity.sophos.com/2021/08/03/bazarcaller-the-malware-gang-that-talks-you-into-infecting-yourself/
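
Because the lure described above carries no malicious URL for a web filter to block, a mail-side check has to look at the message text itself. The sketch below is an added example, not Sophos code: it scores a message body for the combination of a copyright/DMCA lure, a North American toll-free number and wording that asks the reader to phone. The function names, the cue-word list and the sample messages are assumptions made for illustration.

```python
import re

# North American toll-free area codes: 800, 833, 844, 855, 866, 877, 888.
TOLL_FREE = re.compile(
    r"(?<!\d)(?:\+?1[\s.-]?)?\(?(8(?:00|33|44|55|66|77|88))\)?"
    r"[\s.-]?(\d{3})[\s.-]?(\d{4})(?!\d)"
)
# Lure vocabulary matching the scam described in the article.
LURE = re.compile(r"\b(?:copyright|dmca|infring\w*)\b", re.I)
# Wording that steers the reader towards phoning (assumed list).
CALL_CUE = re.compile(r"\b(?:call|phone|dial|contact)\b", re.I)
URL = re.compile(r"https?://\S+", re.I)


def toll_free_numbers(text):
    """Return normalised toll-free numbers found in text, e.g. '8005550123'."""
    return ["".join(m.groups()) for m in TOLL_FREE.finditer(text)]


def score_message(text):
    """Score a message body for callback-phishing traits: (score, reasons)."""
    reasons = []
    # Strip URLs first so digit runs inside links are not read as phone numbers.
    body = URL.sub(" ", text)
    if LURE.search(body):
        reasons.append("copyright/DMCA lure")
    numbers = toll_free_numbers(body)
    if numbers:
        reasons.append("toll-free number: " + ", ".join(numbers))
        if CALL_CUE.search(body):
            reasons.append("asks the reader to phone")
    return len(reasons), reasons


# Constructed sample messages (not the text of the real scam email).
SCAM = ("DMCA Copyright Infringement Notice. Read the full text: "
        "https://example.com/notice/12345 or call us toll free on "
        "1-800-555-0123 to resolve the complaint.")
BENIGN = ("Your weekly newsletter: see https://example.com/news/8005550199 "
          "for our article on copyright law.")

if __name__ == "__main__":
    for name, msg in (("scam", SCAM), ("benign", BENIGN)):
        print(name, score_message(msg))
```

A score of 3 is a reason to quarantine or banner the message for review rather than proof of fraud, since genuine notices can also mention copyright and a support line.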

Given that the call is free, and given that phoning up doesn’t directly expose your computer or your browser to fake websites or booby-trapped downloads…

…it feels as though dialling the number ought to be a low-risk option by means of which you can quickly find out whether this is a scam or not.

All we can say is, “Don’t do it!”

Never feel bullied, pressurised, lured, seduced or cajoled into contacting someone you don’t know on their say-so.

Remember that the crooks at the other end of the phone line in this case are almost certainly not in the US, even though the contact number is directed via a US toll-free service.

And these scammers take calls like this for a living, so they know every trick in the social engineering book.

The best that can happen if you do call back is that you will reveal nothing about yourself that you didn’t mean to; the worst is that you might just blurt out something you later wish you hadn’t.

What to do?


LEARN MORE ABOUT COPYRIGHT SCAMS

Original video here: https://www.youtube.com/watch?v=xVasO4k-mMQ