If you create any type of online content-even if you are just an occasional blogger or an occasional social media user-you almost certainly know that other people steal your material and present it as their own.
We are not talking about links, sharing, reposting, etc. These are legal ways for people to re-advertise your work.
We mean that your original content is directly crawled, copied, or republished by others, as if they had created the material themselves…
…No need to bother asking for permission.
At the same time, you will know how easy it is for you to end up being accused of copyright misconduct, even if you are always careful to use third-party materials only in accordance with the original creator’s permission guidelines.
Therefore, in view of the frequent disputes surrounding online copyright issues, many social networks have established formal complaint and appeal procedures.
For example, the Instagram program Official help page, Which explains how to file a complaint if you think you have been deceived, and how to respond if you are falsely accused.
Enter cybercrime
It is conceivable that cybercriminals have learned how to use copyright infringement notices as bait for phishing scams.
By pretending to be social networks such as Instagram, they try to scare you into thinking that there is an official copyright complaint against you.
…At the same time, it provides you with a quick and easy way to dismiss the complaint.
Criminals know that the complaint is completely false, and they know you know it is false.
But not to let you find out that this is fake Because there was no complaint at the beginning, They deceive you into thinking that the complaint is true, but the false part is the complainant’s allegation.
For this reason, they will not accuse you themselves or threaten to sue; on the contrary, they provide you with a simple way to “prove” your “innocence” by providing a link against the “complaint”.
Although we hope you will spot this type of email scam right away, we must admit that some copyright phishing we have received in recent weeks are more credible than many others-better spelling and more reasonable grammar. The example we wrote before.
Like this:
Hello @nakedsecurity
We recently received a complaint about your Instagram post. Your post has been reported as a copyright infringement.
If there are no objections to the copyrighted work, your account will be deleted. If you think this decision is incorrect, please fill out the objection form from the link below.
This [Appeal] The button in this example uses a shortened link (the link comes from bit.ly), but whether you check the purpose of the link in advance or click to visit, the resulting website will not be as fake as you expected.
To check the bit.ly link before visiting, paste the link into the address bar of your browser and add a plus sign (+) Finally, it tells bit.ly to show you the original link without redirecting to it.
Here, the scammer has registered a fake but not too far away domain name fb-notify DOT com, And the link you get will take you to a personalized scam page that explicitly references your account:
In the screenshot above, the account statistics are correct, or the statistics when we received the email, and the picture displayed is indeed from our Instagram page. (Interestingly and ironically, this means that the email itself violates copyright.)
In other pages linked by these scammers, the images stolen by the scammers always seem to be deleted from the penultimate post on the victim’s Instagram page. This may be a coincidence, or it may be that a scammer deliberately chose a recently posted image so that you will remember to post it, but not so close that a copyright complaint may seem impractical.
prick
Anyone who gets to this point will almost certainly start to believe in this scam, which will make the next page look normal, especially considering the HTTPS padlock and it looks pretty good fb-notify domain name:
Then the website will pretend that you made a mistake when entering your password and tell you to try again. This is probably a simple way for crooks to give up the login attempt, where the user apparently just typed all the old trash on the keyboard to see what happens next:
Then there is a message that is credible enough to tell you that your appeal has been successfully submitted:
Finally, criminals secretly redirect you to the real Instagram copyright page we listed above, presumably to increase legitimacy and let you know the real instagram.com website:
what to do?
- Don’t click on the “useful” link in the email. Learn in advance how to handle Instagram copyright complaints so that you understand the procedure before you need to follow it. Do the same for other social networks and content delivery sites you use. Don’t wait until you receive a complaint to find the right way to respond. If you already know the correct URL to use, then you never need to rely on any link in any email, whether that email is real or fake.
- Think before you click. Although the name of the website in this scam is somewhat credible, it is obviously not
instagram.com, Which is exactly what you expect. We hope you don’t click at the beginning (see point 1), but if you visit this site by mistake, please don’t rush to visit it further. It will be worth it to stop for a few seconds and double-check the site details. - Use a password manager and 2FA whenever possible. Password managers help prevent you from entering the correct password into the wrong site because they cannot suggest passwords for sites they have never seen before. And 2FA (those one-time codes that are used with passwords) makes things more difficult for crooks, because your password alone is not enough to give them access to your account.
- Talk face to face with friends who have done it before. If you are active in social media or the blogosphere, you may wish to be prepared in case you receive a real copyright infringement notice. (We assume that the accusation is false, but the complaint itself does exist.) If you know someone who has gone through the real process once, see if they will tell you what is happening in real life. This will make it easier to spot false complaints in the future.
- Watch the video below for more suggestions. In early 2021, we conducted a live broadcast on Facebook to discuss the history and evolution of this type of scam. If you have any friends who rely on social media to generate income and may be worried about their account being cut off, please show them the video to protect them from such tricks.
watch Directly on YouTube If the video can’t be played here.
Click the settings gear on the screen Speed up playback or Show subtitles.
