Fake Image Copyright Form Spam

News » Resources » Fake Image Copyright Form Spam

Scammers are always on the move and vigilance is an extremely important player in defense strategy.


Stock images and royalty free photography have been used by websites for decades now. Properly licensing images is a real concern, especially as fly-by-night developers throw together websites using content scraped from search engines with little regard to licensing or intellectual property concerns. These are indeed very legitimate concerns for any company or organization however in the past few months, there has been a dramatic rise in form spam submissions that prey on this very matter, delivering an eye-catching message that ends with a rational to click on a link leading to a malware payload.

Behavioral Summary

  • Nearly always submitted via a contact or quote form
  • Usually contains a throwaway or public/free email address such as Gmail, Hotmail, Yahoo
  • Often has a US/New York or no phone number at all
  • Contains a link to “download a document” with links to their images
  • Makes references to legal claims and copyrights (usually repeated to drive the point home)
  • In some cases, a link to the real social media profile an unsuspecting illustrator, photographer, or creative is used to add credibility to the claim
  • Threatens a DMCA take down or a lawsuit by the copyright holder

Crafting the Story

Messages that follow this pattern usually involve several parts that repeat themselves in some fashion. The submitter establishes themselves as someone in the creative space. There will be an accusation of the misuse or unlicensed use of media, sometimes accompanied by a link to a real personality in the world. This is followed by an external link under the auspices of further substantiating the claim (the link is often hosted on a credible domain that serves legitimate content such as Google Docs, Sites, or Sheets). Finally, the demand: remove the content or risk a DMCA take-down or lawsuit.

That Seems Credible
At first glance it sure does but let us look at a few key points. The message itself is submitted via a contact form or email and not via first class mail or traceable means of delivery. There are no references to the actual images or any proof to substantiate the claim. The submitter is doing the recipient “a favor” by not demanding financial compensation or damages but instead asking them to click on a link that purportedly contains a list of the infringing content.

What Does it Look Like?
With variations, most of these arrive via a form submission (rarely via direct email) and generally follow a structure similar to this one:

Form spam example

Attacks of this nature are often designed to do one of two things:

  • Convenience the recipient to download a file that they would not ordinarily (thereby executing a malicious payload)
  • Send funds in the form of bitcoin or an otherwise untraceable method (less likely immediately as this requires either convincing recipients to fork over funds which is difficult enough as it is or deploying a ransomware package)

What Can You Do?

Protecting yourself and your organization starts with being informed:

  • Educate your organization to watch out for these
  • Be wary of any links (regardless of type) submitted via public-facing forms
  • Ensure that web properties are using properly licensed stock images
  • Check with your IT provider when in doubt about suspicious-looking messages
  • Make intellectual property a part of any content and marketing campaign review process

What We Do to Help Our Customers
To help protect our customers from IP-related concerns (legitimate or not), IQComputing uses images from royalty-free and licensed stock image sources. While customers are welcome to provide their own content, they should always check to ensure that it is properly licensed or that the appropriate intellectual property is being used in a manner consistent with any restrictions.

IQComputing on