• I want to thank all the members that have upgraded your accounts. I truly appreciate your support of the site monetarily. Supporting the site keeps this site up and running as a lot of work daily goes on behind the scenes. Click to Support Signs101 ...

DMCA takedown notice phishing scheme

JBurton

JBurton

Signtologist
Not sure if anybody has a similar setup, but we use squarespace, and we have a form submission for new customers to request quotes. It's great, but lately it's been getting bs submissions from SEO folks, sales leads lists, etc. At any rate, I'd never seen an outright phishing attempt until now. Here's a screenshot, as I don't want anybody clicking the link and getting a virus.
1711044669295.png
 
JBurton

JBurton

Signtologist
Notarealsignguy said:
I've got a similar phishing email but never through our quote request form.
Click to expand...
I was sweating it for half a second, until I realized that:
1. Not a 'rocket lawyer' link, obviously
2. My website doesn't have anything beyond what would be considered 'regional' branding, so who cares
3. This was a form submission, they could have entered their email as Joe@whitehouse.com
4. Who the hell cares about a sign company in Arkansas? There are very big players that would be more beneficial to target for dmca takedowns. For that matter, what dumbass scammer thinks they'll get anything more than old neon stands and fluorescent lamp holders out of this guy! Send Chandler or Yesco your phishing emails, surely someone in that organization is gullible enough to click such a link.
 
SignDesignLady

SignDesignLady

Always Learning
Seems like if this were legitimate, you would have received a certified formal letter in the US mail, properly formatted and proper grammar used. They did not even properly identify the company making the charge. The party claiming infringement should also be named and examples presented so that they could back up their story.
 
B

bcxprint420

Sign & Banner Xpress
JBurton said:
Not sure if anybody has a similar setup, but we use squarespace, and we have a form submission for new customers to request quotes. It's great, but lately it's been getting bs submissions from SEO folks, sales leads lists, etc. At any rate, I'd never seen an outright phishing attempt until now. Here's a screenshot, as I don't want anybody clicking the link and getting a virus.
View attachment 170297
Click to expand...
That is some of the worst english I have seen used and in a letter from an attorney i dont think so. Weak scam for sure.
 
Johnny Best

Johnny Best

Active Member
JBurdon, you go on those AI websites to get artwork all the time. No wonder somebody is doing this to you. Your lucky you are not growing donkey ears and braying when you talk.
 
JBurton

JBurton

Signtologist
Johnny Best said:
JBurdon, you go on those AI websites to get artwork all the time. No wonder somebody is doing this to you. Your lucky you are not growing donkey ears and braying when you talk.
Click to expand...
On a very real note on AI, my old man was talking with some big wig at a national recently, and he was informed they use ai all the time. Not for garbage art, but for 'correspondence' with city council's, permit departments, proposals, etc. Evidently they spent quite a bit of time contemplating wording previously, now they just say 'letter convincing a city council to grant a variance for a big azz sign, comparing a rejection to nazism, comic sans', and voila, a letter ready to be sign off without ever being read.
Next step, city councils using AI to respond to all inquiries, those email signature lines stating 'views expressed herein are not...' will become the most scrutinized words since ole slick willie's use of the word 'is.'
 
Ron at Forest Litho

Ron at Forest Litho

New Member
One of the marks of a phishing email is an INFLAMATORY Statement. Like: We have just put your charge of $970 for some item on your credit card. Or your account is in arrears and we are freezing all your orders. or Your Fedex shipment cannot be delivered because you are not home. It's all to make you get irate and click before you can think to yourself - this is bull! and then forward it to the actual abuse email of that actual company. I always try to do that so Fedex or UPS or Citibank or Norton can see the phishing emails out there.
 
SightLine

SightLine

║▌║█║▌│║▌║▌█
Even taking the end off the URL - the luhuhu domain by itself just redirects and forcibly downloads a .js Javascript file.... I'm taking it apart out of curiosity. So far though it tries to use WMI (Windows Management Interface) calls to determine your network map and then attach and map your drives to a sokingscrosshotel domain which is an open web directory with default read/write access.
Adding on - then it tries to download and install an msi file and then tried to run that. No idea what that does but its obviously some sort of trojan horse or virus.
 
Last edited:
JBurton

JBurton

Signtologist
SightLine said:
Even taking the end off the URL - the luhuhu domain by itself just redirects and forcibly downloads a .js Javascript file.... I'm taking it apart out of curiosity. So far though it tries to use WMI (Windows Management Interface) calls to determine your network map and then attach and map your drives to a sokingscrosshotel domain which is an open web directory with default read/write access.
Adding on - then it tries to download and install an msi file and then tried to run that. No idea what that does but its obviously some sort of trojan horse or virus.
Click to expand...
Are you one of those who would happily engage with a scammer just to take over their computers? Got to love those videos...
 
gnubler

gnubler

Active Member
Like others said, no attorney is going to address this issue via a website form. Such fancy English!

Despite spam filters, some crap still comes through my website form. Usually it's offshore outfits wanting to help me with SEO and marketing. I curse the people who actually respond to this junk and keep the spam machine churning. If nobody responded it would die a quick death.
 
You must log in or register to reply here.
Top