Phishing Attacks On WordPress Site Owners Disguised As Copyright Infringement Warnings
from the gone-phishing dept
Last year, we discussed how malicious actors on the internet were using fake copyright infringement notices in order to get people to click links that downloaded malware onto their machines. While there have long been these sorts of malware scams, what was notable about this one was that copyright culture and the fear of infringement had made this sort of thing viable. Putting the notices of a copyright troll and someone looking to infect machines with malware side by side, they’re basically the same thing in terms of tactic: scare the shit out of people over copyright infringement to get them to hastily do something they wouldn’t otherwise do. In some cases, that’s pay a settlement fee regardless of guilt. In other cases, click a link and get infected with malware.
In the subsequent year, it’s not like copyright culture has calmed the hell down, sadly. So, perhaps it’s not a huge surprise that there are more scams like this occurring. This time, similar copyright notices are going out to owners of WordPress sites in what is simply a phishing attack.
Site owners who use WordPress need to be aware of a new technique that scammers are using to phish for WordPress login credentials: fake copyright and trademark infringement notices. If you or an employee fall for this attack, your entire site could fall into the hands of scammers who may use your site to spread malware or force you to pay a ransom to regain access.
The scam begins when the scammers send the website a notice via email or through the website’s contact system with some legal-ish sounding language claiming that material on the site is infringing their copyright to images or other content. In order to see details of the alleged infringement, the site owner is directed to a “dashboard” on a WordPress.com hosted site. Once there, the website owner will be presented with a form asking them to log in using their WordPress login credentials. Of course, there is no infringement dashboard, and if you fill in the form you have just given scammers the information they need to take over your site.
So, this mirrors common email phishing attacks, which typically come from malicious actors posing as service providers looking to verify credentials for reasons having nothing to do with intellectual property. What makes this so devious is that, though the public has somewhat learned to filter out the common email phishing attempts, disguising all of this as a copyright infringement issue pointed at website owners is likely to ensnare more people than a common phish attempt. Fear is what will drive people to click the “dashboard” link quickly.
And that fear has been meticulously cultivated by copyright trolls and aggressive enforcers of IP in the most pernicious manner possible. Creating that fear in order to get settlements and quick monied responses out of people was the entire point. And now all that fear that was generated has an unintended consequence in these targeted phishing attempts.
So, if you have a WordPress site, beware. And even if you don’t, lament that copyright culture and trolls have created this security vector to begin with.
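A mail-triage check for the lure described above, added here as an illustration and not taken from the article or from WordPress: it flags infringement-themed messages whose links lead to a wordpress.com subdomain or any other host that is not the owner's own site. The keyword list, the verdict labels, the sample message and all names in it are assumptions made for the example.

```python
import re
from email import message_from_string
from urllib.parse import urlsplit

# Assumed lure vocabulary, based on the wording the article describes.
LURE_WORDS = ("copyright", "trademark", "infringement", "infringing")
URL_RE = re.compile(r"https?://[^\s<>\"')]+", re.IGNORECASE)


def classify_link(url, own_domain):
    """Label a URL from the point of view of the owner of own_domain."""
    try:
        # hostname ignores any "user@" prefix, so "wordpress.com@other.host"
        # is classified by the host the browser would really contact.
        host = (urlsplit(url).hostname or "").lower().rstrip(".")
    except ValueError:  # malformed authority part
        return "external"
    own = own_domain.lower()
    if host == own or host.endswith("." + own):
        return "own-site"
    if host in ("wordpress.com", "www.wordpress.com"):
        return "wordpress.com-main"
    if host.endswith(".wordpress.com"):
        # Subdomains can be sites that anyone registered; never a place to
        # type the credentials of a different site.
        return "wordpress.com-subdomain"
    return "external"


def message_text(raw_email):
    """Return the subject plus every text part of a raw message."""
    msg = message_from_string(raw_email)
    chunks = [str(msg.get("Subject", ""))]
    for part in msg.walk():
        if part.get_content_maintype() == "text":
            data = part.get_payload(decode=True) or b""
            chunks.append(data.decode("utf-8", "replace"))
    return "\n".join(chunks)


def triage(raw_email, own_domain):
    """Flag infringement-themed mail that links away from the owner's site."""
    text = message_text(raw_email)
    lure = any(word in text.lower() for word in LURE_WORDS)
    urls = [u.rstrip(".,;") for u in URL_RE.findall(text)]
    links = [(u, classify_link(u, own_domain)) for u in urls]
    labels = {label for _, label in links}
    if lure and "wordpress.com-subdomain" in labels:
        verdict = "high"    # the pattern described in the article
    elif lure and "external" in labels:
        verdict = "review"  # same lure, link to some other outside host
    else:
        verdict = "none"
    return {"lure": lure, "links": links, "verdict": verdict}


# Constructed sample message; every name and URL in it is a placeholder.
SAMPLE = """\
From: "Rights Team" <legal@rights-holder.example>
To: owner@myblog.example
Subject: Notice of copyright infringement on your website

Images on your site are infringing our copyright. Review the details in
our dashboard: https://constructed-dashboard.wordpress.com/case/1234.
"""

if __name__ == "__main__":
    print(triage(SAMPLE, "myblog.example"))
```

A "high" or "review" verdict only means the message deserves a second look; the safe habit is to log in by typing the site's own address rather than following the emailed link.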
Comments on “Phishing Attacks On WordPress Site Owners Disguised As Copyright Infringement Warnings”
Well, this definitively proves that copyright is great for thieves.
Re:
Not quite. Suing over every little “infringement” creates tools for thieves. There is a difference.
Re: Re:
Enabled by copyright as is. And until sufficient disincentives are put into copyright law to discourage such nickel-and-diming, similar attempts to use copyright to bypass other protections afforded by law and due process will persist.
Re: Re: Re:
Again, suing over every little “infringement” created the case law that encouraged the lobbying which led to horrible legislation like the DMCA. So suing over every little “infringement” created copyright as is. Never forget that.
Re: Re: Re:2
Suing over every little infringement would not have carried the weight it did in the early 2000s, if copyright law didn’t have maximum penalties of $150,000 per infringement baked into it to start with and give copyright enforcement a financial incentive to get the racket going. There’s very little question of what came first.
Re: Re: Re:3
I refer you back to my previous comment. If you still don’t get it, there’s no help for you.
Re: Re: Re:4
If you’re talking about how suing led to the DMCA, the bulk of the RIAA’s lawsuits happened in the early 2000s – which the DMCA predated in 1998, as a combination of two major intellectual property treaties of WIPO from 1996, as an amendment to the Copyright Act of 1976.
You seem insistent on claiming that litigious interests led to harsh copyright laws – the fact is, without the foundation of copyright law enabling the ambulance-chasing behaviors of the RIAA, there would not have been the swathes of settlement campaigns launched by copyright maximalists looking for a quick buck by harassing grandmothers.
The rest of your commentary is little more than a snobbish put-down attempting to masquerade as a comeback.
Re: Re: Re:5
And of course the RIAA (and the MPAA) never sued bootleggers in the 1980s and ’90s.
The rest of your commentary is little more than a snobbish put-down attempting to masquerade as a comeback.
I could say the same about your comment, except it’s worse: it’s a thinly veiled attempt at defending maximalist companies on the disingenuous basis that they “didn’t begin suing people until after the DMCA was signed into law.” The DMCA didn’t enable your heroes, it just made their actions more obvious.
Re: Re: Re:5
So maximalists never sued over home taping, claiming it was “killing music”? Also, the World Wide Web was released two years before the DMCA and the Mickey Mouse Protection Act were signed into law. By your logic, the World Wide Web enabled the legislation that “gave rise” to the lawsuits.
The rest of your commentary is little more than a snobbish put-down attempting to masquerade as a comeback.
I could say the same about yours, but it’s worse; by ignoring the foundations of the overweening copyright laws, you’re providing excuses for the maximalists’ excesses. Strange behavior if they’re not your heroes.
Re: Re: Re:6
I did a cursory check on this, and there certainly aren’t records of the RIAA going after people who did home taping at the same level of suing they did over Kazaa and Napster. Probably because it was much harder to track over physical media.
That’s maximalist logic. What I said from the first post on this thread is that facets of copyright law, such as a poor standard for IP address evidence and the ability for plaintiffs to claim damages up to $150k per infringement, significantly contributed to the lawsuits. Copyright law was what laid the foundation for mass lawsuits, not the World Wide Web.
From the very first response I made, I said that such lawsuits were “Enabled by copyright as is”. I’ve said it multiple times that maximalists have relied on the foundations of copyright law to harass everybody. That much was clear and obvious, but I suspect you’re going to whine about everyone else’s perceived lack of reading comprehension while you sulk in your corner.
Re: Re: Re:7
I did a cursory check on this, and there certainly aren’t records of the RIAA going after people who did home taping at the same level of suing they did over Kazaa and Napster. Probably because it was much harder to track over physical media.
Possibly, or it could be because it actually cost them to go after real infringers, whereas the DMCA they lobbied for made it so even a scattershot approach costs nothing.
That’s maximalist logic.
You ought to know, it’s your logic.
From the very first response I made, I said that such lawsuits were “Enabled by copyright as is”. I’ve said it multiple times that maximalists have relied on the foundations of copyright law to harass everybody.
Liar. You actually said that maximalists only really started going after everybody who so much as downloaded a book from Project Gutenberg in the 2000s. Changing your story now is a motte and bailey defense, one you’re likely engaging in because you know as well as I that the DMCA is not the foundations of copyright.
That much was clear and obvious, but I suspect you’re going to whine about everyone else’s perceived lack of reading comprehension while you sulk in your corner.
Accusing others of your own offenses now? How old are you? Six?
Re: Re: Re:7
…I suspect you’re going to whine about everyone else’s perceived lack of reading comprehension while you sulk in your corner.
Says you that displays an obvious lack of reading comprehension of your own comments, hypocrite.
Re: Re: Re:8
Again… copyright law enabled that.
Maximalists bitch about minimalists the way you do, maximalist.
They started becoming notorious for it. Aside from “Home Taping is Killing Music”, there certainly weren’t lawsuit campaigns in the mixtape era akin to that of the times of Kazaa and Morpheus.
DMCA is a part of copyright law, like it or not. Since the DMCA, in your own words, “made it so even a scattershot approach costs nothing”, DMCA and copyright law absolutely enabled maximalists and their sue-them-all scorched earth strategy.
Coming from the one insisting that people disagreeing with maximalists are anti-copyright pirates who set the foundation for Prenda? You’re hardly in any position to whine about hypocrisy.
Re: Re: Re:5 copywrite
You are 100 percent right. I remember the RIAA going crazy because people were not buying records so much any more, saying that bootleg recordings were hurting them, as they went up in price!!
Re: Re: Re:6
The AC you replied to actually denied that happened because they only recognize the lawsuits of the 2000s and later, not the earlier ones.
Re: Re: Re:5
And over six hours after I posted a second response to you, I’m still waiting for either one to show up. I guess certain interests can talk the talk, but not walk the walk when it comes to free speech.
Re: Re: Re:6
Sometimes my responses get flagged with Error 429, suggesting too many flags/triggers, despite several hours between responses.
Maybe don’t trigger the automated system by posting remarks like “said the projector” every five minutes.
Re: Re: Re:7
Sometimes my responses get flagged with Error 429, suggesting too many flags/triggers, despite several hours between responses.
I haven’t seen that even once in this comments section, and on the occasions I have, trying again usually does the trick.
Maybe don’t trigger the automated system by posting remarks like “said the projector” every five minutes.
Can you point to where I’ve done that? No? Maybe don’t lie by confusing one AC with another.
Re: Re: Re:8
I’ve seen it happen multiple times, particularly when typing responses to Tero Pulkinnen, but then that copyright extremist ruins everything he touches.
I think you know as well as I do there’s only one knuckledragger going into these threads whining and screaming about imaginary minimalists, then following up with comments like “Said the lying projector” with a five minute difference.
I tried that once, but predictably you insisted that it wasn’t you. Maybe next time use a consistent pseudonym if you don’t want to be flagged.
Re: Re: Re:9
I think you know as well as I do there’s only one knuckledragger going into these threads whining and screaming about imaginary minimalists, then following up with comments like “Said the lying projector” with a five minute difference.
That must be you if there’s only one commenter doing that, because it certainly isn’t me.
I tried that once, but predictably you insisted that it wasn’t you. Maybe next time use a consistent pseudonym if you don’t want to be flagged.
Look up and down this comments section and you’ll see that nothing I posted has been hidden. I repeat: don’t lie by confusing one AC with another. Additionally, don’t demand others use a consistent pseudonym unless you’re willing to do it yourself, hypocrite.
Re: Re: Re:10
This post indicates otherwise.
Re: Re: Re:2
That’s given.
So what’s your point?
Re: Re: Re:3
You’ll learn in time. Meanwhile, stay in school.
Re: Re: Re:4
No school of which I am aware has a course covering “The Intent of Statements Made by One Particular Captain Obvious McPartly-Wrong”.
It’s like you have some huge secret that everyone else just doesn’t see, so why not simply deliver your insight, if there is such to be had.
Litigious organizations. Law. The broader consequences. Even if one grants the cart-before-the-horse model you propose, what is the oh-so significant upshot here?
Re: Re: Re:5
No school of which I am aware has a course covering “The Intent of Statements Made by One Particular Captain Obvious McPartly-Wrong”.
And yet you managed to attend it.
Re: Re: Re:3
You’ll learn one day. Meanwhile, stay in school, kid.
Re: Re: Re:
Suing over every little “infringement” creates tools for thieves.
Suing over every little “infringement” creates AN EXCUSE for thieves.
Because if you’re going to be treated like a thief by a court that has already determined you’re guilty, what’s the point in trying to be anything else.
Re: Re: Re:2
Suing over every little “infringement” creates AN EXCUSE for thieves.
Fuck off, maximalist company shill.
Re: Re: Re:3
Between the pirate and the shill trying to calm the tits of Cary Sherman, I think I know who the average person is going to root for.
Re:
Well, if this is theft, then maybe the police should be called on them.
The same folks who say “You wouldn’t steal a car” would definitely understand that “You wouldn’t extort and falsely accuse of theft an… anybody!”
Re: Re:
No, no, no. The line is, “You wouldn’t download a car,” to which the general response is, “Fuck you, I would if I could.” Of course, thanks to the creation of 3D printing technology, someone has actually downloaded a car. 😉
Re: Re: Re:
If those asinine unskippable anti piracy advertisements taught 2000s kids anything, piracy may be a crime but it is a crime worth committing. The preservation of cultural products is more important than one person’s imprisonment.
This shit is just another good reason of many why we should push for an end of this backwards, unenlightened copyright regime. Copyrights is no way to build a free and just digital society on. State-forced monopolies are inherently unjust and rob the people of value. Diminishing rights of the people in order to serve the greed of a minority is backwards. We don’t need copyright landlords and we don’t need to pay huge monopoly rents for our culture for indefinite time. We can do better.
Re:
We can do better.
Copyright terms no longer than life+50 (as required by the Berne Convention) or 75 years from publication for works of corporate authorship, and a complete repeal, without replacement, of the DMCA. Of course, that will be too much for the maximalists and not enough for the minimalists, and theirs are the loudest voices in the debate.
Re: Re:
Between maximalists and minimalists, who do you think the silent majority general public will support? Hint: it’s not going to be the side with a history of threatening and dragging innocent people to court.
Re: Re: Re:
Which minimalists, one might add, are the minimalists in question?
Re: Re: Re:2
A fair question to ask, considering that minimalists have never had any sort of meaningful presence beyond an imaginary bogeyman for maximalists to push their agenda.
Re: Re: Re:3
Lied the minimalist to push their agenda.
Re: Re: Re:4 Strongly worded letter to follow
Sorry bro but I own the copyright to the “Lied the A to do the B format.”
Re: Re: Re:5
Even if you originated that idea, you can only copyright your expression of it. Just because you and your ilk think you should own all creative output forever…
Re: Re: Re:6
You’d need a mile long pole with a baseball mitt on the end to get that joke.
Re: Re: Re:
Well, it’s certainly not going to be the minimalists whose activities encouraged Sony to damage people’s computers not only with rootkits, but also the tools that made them visible (rather than removing them).
Re: Re: Re:2
I see, so you’re the sort of person who goes “I don’t support rapists, but that girl was wearing a skirt that was criminally short, so I don’t think she deserves sympathy.” Nice.
Re: Re: Re:3
I see. So you’re the sort of “commenter” that uses false equivalence in a vain attempt to win an argument. But let’s go with your example of a rapist: what Sony BMG did is like a vigilante group beating up innocent men because some girls and women were raped. Free clue: not all minimalists are mere loud-mouths like you.
Re: Re: Re:4
You’re the one who claimed that maximalists used the existence of minimalists to justify the Sony rootkit, so minimalists are the cause of maximalist actions.
And in your follow up claim, you would say that because innocent men were beaten up, girls and women who wear short skirts should have no sympathy because they encouraged the rapists.
You can keep trying to paint everyone who disagrees with you as a minimalist for all the good it does, but I’ll once again note that aside from blaming minimalists for the actions of maximalists over and over, you can’t even list minimalists who actually pose any significant threat, on par with the actions of the RIAA in the early 2000s and the likes of Prenda Law in the early 2010s.
Re: Re: Re:5
You’re the one who claimed that maximalists used the existence of minimalists to justify the Sony rootkit, so minimalists are the cause of maximalist actions.
Nope, you’re the one claiming I said that because you’re either a liar or you lack reading comprehension. What I actually stated was that Sony BMG used the existence of some minimalists as an excuse to create not just the rootkit, but also the equally harmful “removal” tool.
And in your follow up claim, you would say that because innocent men were beaten up, girls and women who wear short skirts should have no sympathy because they encouraged the rapists.
You do know that repeating your false equivalence isn’t the way to win a debate, right? Are you seriously this dumb, or are you confirming my belief in your disingenuousness? Given how you keep appealing to ignorance along with other logical fallacies, I no longer think you’re a minimalist. Your tactics are too much like those of other maximalist shills.
Re: Re: Re:6
When you blame minimalists for the actions of maximalists, you’ve long lost the ability to accuse others of false equivalences.
Re: Re:
14+14 for copyright terms, no more. A single term of 5 years for corporate works, and any attempts to extend this will be subject to investigation of both claim and corp by the FTC, aided by the FBI and whatever is deemed necessary.
Harsh penalties, inclusive of forcible dissolution or splitting of corps for copyfraud and litigious abuse of copyrights.
Fair wages for content creators of all stripes, non-negotiable.
If the DMCA has to stay, charge a filing fee that is payable to the FTC or a similar government entity. Hell, keep the damn filing fee for all copyright-related filings.
Re: Re: Re:
14+14 for copyright terms, no more.
You forgot something.
Copyright law’s best and brightest.
Re:
That’s also a good description of everyone who calls for the complete destruction of copyright as though that won’t give publishers their complete oligopoly back.
Re: Re:
How, if anybody including the author can give away or sell copies of a work, and multiple projects can be inspired by the same work? Also, there will be no more demand letters from lawyers who see making claims of copyright infringement as easy money.
Re: Re: Re:
Also, there will be no more demand letters from lawyers who see making claims of copyright infringement as easy money.
True. There’ll instead be demand letters from lawyers who see making claims of plagiarism as easy money.
Re: Re: Re:2
Copyright infringement and plagiarism are two different things. You would not refer to downloading a song or software as plagiarism, unless you started calling it a Photoshop you invented or a hit single you personally wrote. Not that it’s stopped pro-IP organizations from trying to muddy the two to vaguely appeal to morality, because it’s linked to the myth that strong IP protections are a guarantee of future innovation.
If lawyers tried to send settlement letters based on plagiarism claims, the same way they’ve historically sent out settlement letters for alleged copyright infringement, they wouldn’t get anywhere.
It’s basically a match made in hell, as between copyright treated as guilty upon accusation and utterly insane fine amounts when it comes to extortion and/or getting people to panic you’d be hard pressed to find a more effective method than accusations of copyright infringement.
Re:
It’s like some bastard version of Poe’s law, in that it’s hard to make a copyright claim so fraudulent someone won’t think it looks legit.
Re:
And people will still read the comments criticizing this, believing that maximalists will use it as justification to have even worse outcomes – as if they haven’t already ruined enough shit for everyone as it is.
Re: Re:
Actually, I can imagine them doing just that, screaming that people sending notices in their name is “passing off” while ironically not realizing it’s the laws they lobbied for that made this type of fraud possible.
Re: Re:
Maximalists will use just about anything to “justify” worse outcomes and prop up their fraud.
They’re no different from authoritarians in that regard.
Re: Re: Re:
Indeed. If it wasn’t for content creators that they sucker into becoming unwitting pawns, or idiots screaming about the “minimalists” that don’t exist (in the same way that Republicans scream about the far left or ANTIFA), maximalists would have nobody in their corner. All they have are simps that they managed to con.
Re: Re: Re:2
…or idiots screaming about the “minimalists” that don’t exist…
Lied the minimalist in a vain attempt to hide their cries of “Destroy copyright!”
Re: Re: Re:3
You previously asked:
If you can’t even name these minimalists who you think other people claim are being supported, what minimalists do you think actually exist?
Re: Re: Re:4
You, an AC, just confused another AC with a third as though there’s only one of us using that badge. Irony much?
Re: Re: Re:5
Then why speak in defense of that AC, and not another?
PeopleNet Fleet Manager
I must say you have written a great article. The way you have described everything is phenomenal. That’s great. I was impressed by your writing. I am happy to see such a topic. https://www.pfmlogin.net/
Well criminals learn their trade by copying other criminals…
shrug emoji
So, they’re hosting arbitrary pages on their official domain, the one with the apparently-real “log in” link on their homepage? Isn’t that kind of a bad idea? There seem to be lots of sites with separate “user content” domains, presumably so the URL bar won’t show their main domain for scams. This would be especially bad if WordPress ever sends links in official emails.
Re:
Sending links in emails is bad, and no site that considers security would do anything other than ask you to log into your account to do something. Note, no links and no account details, as the owner of said account should know those.
Wouldn’t shock me in the slightest if this was done and paid for by Comcast/AT&T, Apple etc as a way to destroy anti-corporate sites…..
No, they’re going to be considered thieves for what they’re doing and no amount of evidence to the contrary will sway the courts. They might be given criminal records for what they’re writing. So if they’ve got nothing to gain for following the rules because the rules are corrupt, then embracing the fact that publishing your “outlaw” books, songs, and movies makes sense.
Re:
Being considered a thief is a lot different to actually being one, and making a copy of something isn’t doing a thing to the original, much less taking it from the rightful owner. Therefore, copyright infringers aren’t thieves.
Re: Re:
Yes, copying is not theft, but even something so simple is going to be difficult for someone who has been trained (bribed?) to see it as theft.
Musicians, filmmakers, and artists should be aware of that, and know that what they want to make might get them in legal trouble, but that could also be a major selling point. Some of the best books in human history were made under duress- Solzhenitsyn, Gandhi, Rushdie, and King come to mind, and yet they were still published. So don’t let the threat of a small fine and possible criminal record stop you from doing what you were born to do.