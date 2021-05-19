Scammers Use The Public's Fear Of Copyright Culture To Trick People Into Installing Malware
from the look-what-you've-done dept
It isn't some novel revelation that scammers and malware purveyors have used the public's fear and lack of knowledge about copyright laws and processes to pull off their nefarious deeds. For more than a decade, bad actors have looked at the shady methods of copyright trolls and noticed that those tactics are perfectly suited to convince the public to download malware or fraudulently extract money from people's wallets. None of this is new or surprising. What should be surprising, however, is that absolutely nothing has been done about any of this. Never has a hard look been taken as to why copyright enforcement so resembles these illegal activities, nor has any serious consideration been given to what this culture of permission and fear has done to so well prepare the public to be susceptible to these scams.
As a result, these bad acts continue to the present. TorrentFreak has a post about how scammers are currently using fake notices sent to the public, made to look like copyright threats or warnings, all in an effort to get them to click links and download malware.
Just a few weeks ago, we reported how pirates are lured into downloading malware and trojans. However, people who want to avoid copyright troubles are facing similar risks. As it turns out, fake copyright warnings and takedown notices are commonly used by scammers as well.
These scammers cleverly use the threat that copyright infringement claims pose to recipients. Many website operators fear legal repercussions and are eager to resolve these matters swiftly. Social media users, who risk losing their accounts, are equally concerned.
This happens in a variety of ways. Those hosting or running websites get notices that their sites will be taken down if they don't click the links and respond to a general accusation of copyright infringement. But the scammers are also going after random social media accounts as well, with the same push via threats of account termination to click links. Those links are typically used to steal account credentials, just like a typical phishing email scam. Some, however, actually deploy a payload of malware instead.
Careful readers will notice that there are several mistakes in the notice. However, in their panic, some people may simply read over these errors. Instead, they will click on the Google link where they can download a “Copyright Infringement Evidence” package.
Needless to say, downloading and running these files will infect people’s computers with all kinds of nastiness. Google takes these links down when they are reported and we couldn’t find a live one. However, Techlicious linked one package to a Ransomware trojan.
Why does this work so well? Well, as I mentioned above, it starts to get really tough to tell apart the notices coming from copyright trolls and the scammers. While the end goal is somewhat different, the overall tactic is the same: use threatening language about copyright infringement to scare the shit out of the target in order to get them to hastily do what you want. In the case of copyright trolls, that means so-called "settlement" payments. For the other scammers, this can also mean handing over money, or clicking a link to steal credentials or deliver malware.
It used to be said that only pirates had to worry about copyright culture creating security risks for those infringing copyright. Now, thanks to the expansion of that copyright culture, unsuspecting and innocent members of the public are at risk as well.
Reader Comments
The First Word“
Techdirt gets these every few days...
So Tim wrote up this story before I had a chance to let him know that we actually get these notices every few days, either as emails or spam comments, from people (with ever changing names) claiming to be professional photographers, and saying that we have infringed on their copyright (usually pointing to articles that have no images at all) and threatening to sue. We know enough to ignore them, but seeing how many we get, I do wonder if they're effective for the scammers.
Re: Techdirt gets these every few days...
About as effective, or maybe a little more so that other spamming efforts.
Re: Techdirt gets these every few days...
This makes me wonder: Copyright maximalist often wax on about the "cost" of copyright infringement. But how much is having our modern copyright (that basically lasts forever, since "after you are dead" is not a time you will live to see), as opposed to say, something that only lasts 5-14 years, and that has much closer definitions and limits.
Clearly some non-trivial amount of effort is being put forth to deal with it (and even if people delete the notices, time is money, and the maximalist will surely argue for padding their numbers).
Re: Techdirt gets these every few days...
It would be informative for them to be publicised somewhere, with headers where appropriate...
Re: Techdirt gets these every few days...
We know enough to ignore them, but seeing how many we get, I do wonder if they're effective for the scammers.
i imagine they operate under the same model as copyright extortionists in that the cost of sending out the threats are minimal and if even one person in a hundred/thousand falls for it and pays out the costs have more than been recouped.
One of the hallmarks of spam is lacking specific information., but when "legitimate" DMCA notices go out of their way to be as opaque and lacking in detail as possible (looking at you, twitch), how are people supposed to tell the difference?
Re:
being able to tell the difference would be a "bug" from some peoples perspective.
(I guess Amazon is included in that group.... since they should have both the knowledge and capability to make twitch otherwise.)
Congratulations, copyright maximalists — you’re no better than scam artists now.
Re:
'Now'?
Re:
Now? Prenda, Righthaven, etc... Inventing the art of copyright scamming / trolling long ago!
Re:
They always have been scam artists. They just have a different grift from others.
Related, and I'll probably post it again.
In the podcast You're Wrong About Michael Hobbes tells the story of The Chicks (the artists formerly known as the Dixie Chicks) and their rise to fame before getting cancelled(-ish) by the right-wing anti-fandom media talk engine.
One of the smaller bits is about their early albums before the incident. But Dan Rather notes that Sony made about $150 million from the sales and so the artists themselves should have gotten about $50 million of that, right?
Less than one million. IIRC about $500,000. It lead to a big lawsuit and was the beginning of the end of the Chicks as a country band for daring to rock the boat. Hobbes goes into some detail about how Hollywood Accounting is much like hospital billing, in which expenses charges are overinflated to deplete artist royalties.
Copyright as it is today is giant rent-seeking scams, and piracy is minimally unethical by comparison, and the story of the Chicks is one out of hundreds (if not thousands).
Regardless, it's the most recent ep as of today, found here. Definitely worth the hour-ish listen.
'I learned it from watching you!'
Given how scummy yet profitable copyright extortionists and their tactics are I can't say I'm surprised that scammer would pick up on their tactics and run with it, with the added 'benefit' that the original racket is already only legal thanks to copyright induced madness it's not like the scammers had to change much to adapt it for their use.
There's only so much that one can do to stop stupid people from being stupid. Yes, scammers are a problem, but scammers will always exist and remaining oblivious to the technology one is blindly using is not an option.
