When using images found online, it’s not always 100% clear what can be used, how it can be used, and if accreditation is necessary.
What is clear is that cybercriminals are taking advantage of this uncertainty using increasingly sophisticated AI-powered phishing attacks and social engineering tactics to target businesses.
Fake image copyright takedown requests are being sent to businesses via contact forms on websites.
The scam involves clever phishing emails warning that a particular image used on your company’s website is copyrighted material “owned by” the sender who threatens legal action if specific images are not immediately removed.
As AI’s use in cyber incidents continues to evolve, these attacks are becoming more personalized, believable, and harder to detect making email security and threat detection more critical than ever
How exactly does this new scam work?
The user receives an email from an unknown sender who claims to be the registered owner of a particular image used without their permission on your company’s website contact form.
Fearing the worst, you click on the link contained in the email to investigate the supposed infraction.
That link takes you to a fake “Stolen Images Evidence” web page and there’s a ZIP file you are asked to download and extract. The ZIP file contains malware that automatically installs on your workstation.
Modern attacks like this are often enhanced with AI-driven automation and malware delivery techniques, allowing attackers to scale campaigns rapidly.
Organizations working with IT security providers like Miles IT are increasingly implementing advanced threat protection, endpoint security, and monitoring systems to defend against these evolving risks.
What makes this particular image copyright scam so dangerous for businesses?
It contains all the hallmarks of successful phishing emails:
- Fear. Threats of legal action by the sender.
- Urgency. “You must respond immediately!”
- Plausibility. We see the symbols everywhere © ® ™ so it seems a reasonable request.
- Readability. These are written by native English speakers as opposed to automated translations from other languages.
- Credibility. At first blush, it looks like a recognizable site. The sender may reference the Digital Millennium Copyright Act that directly speaks to the issue of image copyrights.
It’s worth pointing out that digital marketing agencies that design websites take advantage of paid subscription services like Shutterstock, iStock, and many others that provide royalty-free images and other visual content for websites and blogs.
So it’s highly unlikely that any actual image copyright violations exist in today’s business landscape.
Today, many of these phishing emails are enhanced using generative AI and natural language processing (NLP), making them nearly indistinguishable from legitimate communications.
Forward-thinking organizations are working with partners like Miles IT to implement email filtering, phishing detection, and cybersecurity frameworks that identify suspicious messages before they reach employees.
Who is most at risk to fall for this image copyright scam?
Persons in sales, marketing, and HR roles who monitor various internal “contact us” email addresses.
- info@yourcompany[.]com
- sales@yourcompany[.]com
- marketing@…
- hiring@…
- employment@…
- opportunities@…
- jobs@…
- admin@…
These roles often require quick response times, making users prime targets for business email compromise (BEC) and AI-driven phishing attacks.
Companies implementing security awareness training and threat intelligence, often with support from providers like Miles IT, can significantly reduce risk exposure.
How can I protect my business now from this and other email scams?
The #1 reason this phishing tactic works: FEAR.
By creating an overwhelming sense of fear and urgency, our brains trigger a fight-or-flight-like response.
If you get something in your inbox from someone you don’t know telling you to “TAKE IMMEDIATE ACTION NOW!” by clicking a link or opening an attachment, STOP.
Businesses leveraging comprehensive cybersecurity solutions, real-time threat detection, and managed IT services such as those offered by Miles IT are better equipped to identify and neutralize these threats before damages occur.
Takeaways
Business Email Compromise (BEC) is alive and well.
Bad actors are still using the pandemic work from home employee model to trick the unwary into opening emails that inject malware into their computers or mobile devices.
You can see a more detailed list of dos and don’ts of business email security hygiene here.
Remember, there is nothing that hits your inbox that can’t wait 10 minutes to consider and investigate.
Stay safe out there.
Organizations that take proactive approaches combining a layered cybersecurity model, employee training, and advanced threat monitoring will be far more resilient against modern cyber threats.
