Scam Alert: Emails and Contact Form Fills Claiming to be an Upset Photographer are a Phishing Attempt

Contact forms are a great way to gather feedback from your customers and to answer questions from your prospective new customers. They are unfortunately also a great way for scammers to try and steal from your business. Even the most secure online forms will get fake submissions claiming all kinds of things. Most of these scams originate in countries like India, Bangladesh, Pakistan, and the Philippines where labor is inexpensive and there is enough technical infrastructure to house call centers full of people and computers to send out scams manually.

This one has been circulating since about August of 2020 and recently started hitting a bunch of contact forms for our clients.

Here is what it might look like in your Gravity Forms:

[Screenshot: the "Mel" photographer phishing scam as a Gravity Forms entry]

The messages tend to come from someone named “Mel” with a last name that varies. So far we’ve seen:

  • Mel Castner
  • Mel Brown
  • Mel Kempers

The email address the scammers use on your contact form is usually one of these:

  • Mphoto777@gmail.com
  • Meshot680@gmail.com
  • Mshot387@aol.com

The phone numbers they enter in your form are almost always fake numbers that cannot be dialed. Here are the ones we’ve seen so far:

  • (125) 939-7681
  • (171) 880-9089
  • (121) 231-0885

Each attack is different, but the sender may claim one of a variety of occupations, including:

  • Professional Photographer
  • Licensed Photographer
  • Experienced photographer and illustrator
  • Qualified illustrator

The message sounds like an angry and distraught photographer who knows you stole their photography for use on your website and is ready to sue you if you do not take action.

The contact message lists a URL which uses Google’s infrastructure to download a zip file named “StolenImages_Evidence.zip” to your computer. In that zip file is a JavaScript file that, if run, allows the attacker to either take over your computer and hold it hostage, steal your banking information from your browser, or compromise your computer to attack others.

[Screenshot: Google Drive confirmation prompt for downloading the malware]

Google Drive is being used to distribute malware by scammers targeting small business owners.

Google does appear to be taking action and removing the downloads, but the scammers just keep setting up new accounts and sending out new scam emails with new links.

Their warning feels very authentic: if you do not take quick action, they will complain to your hosting provider and have your website taken offline. That threat is enough to make most small businesses take quick action without thinking, but it is followed with a second and more dire threat – a lawsuit.

If you don’t delete the images mentioned in the file above during the next several days, I’ll file a complaint against you to your hosting provider stating that my copyrights have been severely infringed and I am trying to protect my intellectual property.

Whatever you do, DO NOT click on this link or even reply to the email address as it is entirely fake and any action you take will lead your business towards getting scammed.

Here is one copy of the full contact message you might be receiving:

“Hello,

This is Mel and I am a professional photographer.

I was confused, frankly speaking, when I recognised my images at your website. If you use a copyrighted image without an owner’s permission, you should be aware that you could be sued by the owner.

It’s illegitimate to use stolen images and it’s so selfish!

Check out this document with the links to my images you used at www.jdbrunson.com and my earlier publications to get the evidence of my ownership.

Download it right now and check this out for yourself:

https://sites.google.com/view/id000398734672003009/home/drive/storage/file/download?FileID=986077759278413174

If you don’t get rid of the images mentioned in the document above within the next few days, I’ll file a complaint against you to your hosting provider stating that my copyrights have been severely infringed and I am trying to protect my intellectual property.

And if it doesn’t help, trust me I am going to take legal action against you! And you won’t receive the second notice from me.”

The scammers are using rewriting software to make different versions of this scam message. Here is another one:

“Hi there!

This is Melonie and I am a qualified illustrator.

I was baffled, to put it nicely, when I found my images at your web-site. If you use a copyrighted image without an owner’s license, you need to be aware that you could be sued by the copyright holder.

It’s against the law to use stolen images and it’s so wicked!

Check out this document with the links to my images you used at www.jdbrunson.com and my earlier publications to obtain the evidence of my copyrights.

Download it now and check this out for yourself:

https://sites.google.com/view/id000398734672003009/home/drive/storage/file/download?FileID=254100955051773729

If you don’t delete the images mentioned in the file above within the next several days, I’ll file a complaint on you to your hosting provider letting them know that my copyrights have been severely infringed and I am trying to protect my intellectual property.

And if it doesn’t work, for damn sure I am going to take it to court! And I will not bother myself to let you know of it in advance.”
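
Because the wording changes between variants, matching on exact text will miss new copies; the traits described above (an undialable phone number, a Google-hosted download link, and the copyright-threat vocabulary) are more stable. The following triage script is an added example, not part of the original article or of Gravity Forms; the entry field names, the indicator set and the threshold of 4 are assumptions, and the sample entries are constructed with a placeholder URL.

```python
import re

# Added example: heuristic triage of contact-form entries for this scam.
# Field names, weights and threshold are assumptions, not a plugin API.

# NANP numbers need an area code and exchange that each start with 2-9,
# which is why (125) 939-7681 and similar cannot be dialed.
NANP = re.compile(r"^1?[2-9]\d{2}[2-9]\d{6}$")
GOOGLE_DOWNLOAD = re.compile(r"https?://sites\.google\.com/\S*download", re.I)
# Vocabulary that survives the rewording between message variants.
THEMES = {
    "identity": re.compile(r"\b(photographer|illustrator)\b", re.I),
    "copyright": re.compile(r"\bcopyright(s|ed)?\b", re.I),
    "threat": re.compile(r"\b(sued|legal action|court|hosting provider)\b", re.I),
    "urgency": re.compile(r"\bdownload it (right )?now\b", re.I),
}

def phone_is_dialable(phone):
    return bool(NANP.match(re.sub(r"\D", "", phone)))

def score_submission(entry):
    """Return the list of indicators an entry matches."""
    message = entry.get("message", "")
    reasons = [f"theme:{n}" for n, rx in THEMES.items() if rx.search(message)]
    if GOOGLE_DOWNLOAD.search(message):
        reasons.append("google-sites-download-link")
    if entry.get("phone") and not phone_is_dialable(entry["phone"]):
        reasons.append("undialable-phone")
    if re.match(r"mel", entry.get("name", "").strip(), re.I):
        reasons.append("sender-name-mel")
    return reasons

def should_quarantine(entry, threshold=4):
    return len(score_submission(entry)) >= threshold

# Constructed samples: the first paraphrases the scam with a placeholder URL.
SCAM = {"name": "Mel Castner", "phone": "(125) 939-7681", "message": (
    "This is Mel and I am a professional photographer. If you use a "
    "copyrighted image you could be sued. Download it right now: "
    "https://sites.google.com/view/EXAMPLE/home/file/download?FileID=0")}
BENIGN = {"name": "Melanie Ortiz", "phone": "(212) 555-0142", "message":
    "Hi, I'm a photographer and would like a quote for a portfolio site."}

if __name__ == "__main__":
    for entry in (SCAM, BENIGN):
        print(entry["name"], should_quarantine(entry), score_submission(entry))
```

No single indicator decides the outcome, so a genuine enquiry from a photographer named Melanie stays below the threshold while the scam entry matches all seven indicators.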