The Weekly Breach Breakdown Podcast by ITRC - Copyrightcat - S5E37

Show Transcript

Welcome back to the Identity Theft Resource Center’s (ITRC’s) Weekly Breach Breakdown, supported by Sentilink. I’m James E. Lee, the ITRC’s COO, and this is our final episode for the year, December 6, 2024. Each week on this podcast, we look at the most recent events and trends related to data security and privacy. Today, we’re going to broaden our focus to talk about copyright infringement scams primarily aimed at small businesses – including the ITRC – that are using some of the latest technology to commit fraud.

Several months ago, and again just two weeks ago, the ITRC received a letter from an out-of-state law firm claiming we were using a graphic on our website owned by one of their clients. In these circumstances, most cease and desist letters request the image be removed or demand you pay for the rights to the photo or illustration. Not this letter. In fact, the following section of the letter was the first clue that something was off and that it could be one of the copyright infringement scams:

It is required to credit our client for this image. We request you to add a visible and clickable link, either below the image or in the page's footer. Please ensure this is done within the next five business days.

The link in the letter took you to a website where you could download an app. That was clue number two that this was not an ordinary cease and desist letter. 

Being the cautious but curious types, we turned this over to our lawyers just in case it was real. At the same time, we kept digging and soon hit pay-dirt. This was a copyright infringement scam. It's a really convincing scam, but a scam, nonetheless.

The website at the end of the link was registered in a country known for hosting fraudulent websites. Then we started looking into the law firm. This is where things really turned weird. The address for the law firm was real, but the law firm was not. Neither were any of the attorneys listed on the law firm's website. None were registered with the state bar association or licensed in any state. The phone number listed for the firm was a telephone number in a different state. 

In fact, all of the photos and bios for the attorneys, supposedly experts in intellectual property law, were AI-generated. Each headshot photo was of the same model but with variations in gender, age and facial features to create a group of lawyers that never existed. 

Our attorneys reached the same conclusion and reported the alleged law firm to state officials where the firm was supposedly located. So, where was the risk here? They weren’t asking for money in these copyright infringement scams, only a link to a website and a credit line. Sounds pretty innocuous, right?

That seemingly harmless request makes it likely to slip by many small businesses. They know cease and desist letters are serious. However, many small businesses don’t have lawyers on speed dial, and a no-cost option may seem like an easy solution to what could be a costly problem.

Linking to an unknown website to download an unknown app is almost always a ploy to spread malware or some form of information stealer. At a minimum, signing up for the undoubtedly fake app would involve giving away personal information to cybercriminals. That would be bad enough if the business owner’s information were compromised. It would be really bad if customers or website visitors clicked on that link, resulting in an identity crime.

The ITRC received two copyright infringement scam letters – identical wording from two fake law firms. These copyright infringement scams are so prevalent now that online bloggers have written a step-by-step guide to determine if you have received a fake cease and desist letter. To read one of them, click here.

If you want to know more about how to protect your business or personal information, copyright infringement scams, or think you have been the victim of an identity crime, you can speak with an expert ITRC advisor on the phone, via text message, chat live on the web, or exchange emails during our normal business hours (6 a.m.-5 p.m. PT). Just visit www.idtheftcenter.org to get started.

Thanks to SentiLink for their support of the ITRC and this podcast. This is our final Weekly Breach Breakdown podcast for 2024. Be sure to join us in January as we begin Season 6. Also, check out our sister podcast, the Fraudian Slip, next week when we post our annual predictions episode. 

Please hit the like button for this episode and subscribe wherever you listen to your podcasts. Until next year, have a safe and happy holiday season.