from the gone-phishing dept
Last year, we discussed how malicious actors on the internet were using fake copyright infringement notices in order to get people to click links that downloaded malware onto their machines. While there have long been these sorts of malware scams, what was notable about this one was that copyright culture and the fear of infringement had made this sort of thing viable. Putting the notices of a copyright troll and someone looking to infect machines with malware side by side, they’re basically the same thing in terms of tactic: scare the shit out of people over copyright infringement to get them to hastily do something they wouldn’t otherwise do. In some cases, that’s pay a settlement fee regardless of guilt. In other cases, click a link and get infected with malware.
In the subsequent year, it’s not like copyright culture has calmed the hell down, sadly. So, perhaps it’s not a huge surprise that there are more scams like this occurring. This time, similar copyright notices are going out to owners of WordPress sites in what is simply a phishing attack.
Site owners who use WordPress need to be aware of a new technique that scammers are using to phish for WordPress login credentials: fake copyright and trademark infringement notices. If you or an employee fall for this attack, your entire site could fall into the hands of scammers who may use your site to spread malware or force you to pay a ransom to regain access.
The scam begins when the scammers send the website a notice via email or through the website’s contact system with some legal-ish sounding language claiming that material on the site is infringing their copyright to images or other content. In order to see details of the alleged infringement, the site owner is directed to a “dashboard” on a WordPress.com hosted site. Once there, the website owner will be presented with a form asking them to log in using their WordPress login credentials. Of course, there is no infringement dashboard, and if you fill in the form you have just given scammers the information they need to take over your site
So, this mirrors common email phishing attacks, which typically come from malicious actors posing as service providers looking to verify credentials for reasons having nothing to do with intellectual property. What makes this so devious is that, though the public has somewhat learned to filter out the common email phishing attempts, disguising all of this as a copyright infringement issue pointed at website owners is likely to ensnare more people than a common phish attempt. Fear is what will drive people to click the “dashboard” link quickly.
And that fear has been meticulously cultivated by copyright trolls and aggressive enforcers of IP in the most pernicious manner possible. Creating that fear in order to get settlements and quick monied responses out of people was the entire point. And now all that fear that was generated has an unintended consequence in these targeted phishing attempts.
So, if you have a WordPress site, beware. And even if you don’t, lament that copyright culture and trolls have created this security vector to begin with.