Getting a lot of website traffic is generally a good thing, but along with potential buyers, the bad guys are looking for you. If you have a website you’re probably used to getting spam through your contact forms – annoying, but generally harmless. However, recently I’ve had several clients get a message that was both scary and dangerous.
While the language used varies, the general idea is always the same. You get a message through your website’s contact form stating the sender (often times a photographer or graphic professional) has found their images on your site and you’re breaking the law by using them. Often times they’ll say they understand you might have done it accidentally, but they insist all of them be removed or they will pursue legal action. In order for you to know which images need to be removed, the sender will say they’ve put all the images into a Google Drive or Dropbox folder for you to review and include a link to the folder. They may also include some other menacing language meant to get you to react without thinking.
Don’t Take the Bait!
If you click the link you’re going to have a serious problem on your hands. It will install ransomware and all of your data will be held hostage. We’re all aware of recent ransomware attacks targeting large corporations, but the software needed to install ransomware has become pretty easy (and cheap) to acquire. This has created an entire industry of low-tech cybercriminals that target small businesses and individuals.
Here are a few basic things you can do to protect yourself from this threat, a lot of the others out there:
- Don’t click! For years we’ve been told not to click links we don’t recognize in emails. The same goes for links you get through your contact forms. It takes almost zero skill to mask a link and make it look like something other than what it is (bit.ly anyone?)
- If your virus protection doesn’t include a ransomware blocker – get a different one. (If you’re not using any virus protection or “free” virus protection – how’s life in the 1990’s?)
- Backup your data. Backing things up 24/7 is recommended, but it’s not always practical. However, external hard drives with backup utilities aren’t very expensive. Get one and run it overnight or on the weekends. At least you’ll have the majority of your stuff available if the worst should happen.
- Only use images you create yourself or get from reputable stock image services. My clients all knew there was something fishy because they know I only use images I obtain through legal sources. But if you’re using pictures you grabbed off Google images, you won’t know for sure that you aren’t infringing on someone’s intellectual property.
- Finally – do a little research before responding to anything that feels “off”. The image ransomeware message is just one of hundreds of cons out there, with more and more happening every day. Start by doing a search on the message itself. If a con works they’ll use it over and over again. Someone who’s been burned will probably have posted about it. If that doesn’t turn up any results, but you’re still not comfortable, look up the contact info they provide and (if available) the IP address they sent it from. If those things don’t line up – it’s most likely a con or a scam.
The Internet is an amazing tool that gives small businesses more opportunities than they ever had before its creation. Unfortunately, it also gives plenty of opportunities to the bad guys as well.