I've recently become aware of a new kind of scam / phishing attack: the DMCA Copyright Infringement scam.
A DMCA infringement notice is a notification that you receive when some authority realises you're illegally using copyrighted information. They ask you to take it down.
I've only ever seen legitimate DMCA notice in real life, when my roommate was illegally downloading episodes of something via a torrent.
While I've never received a DMCA notice for any content on my websites, I've definitely received my share of DMCA infringement scam attempts.
What Fake DMCA Notice Scams Look Like
Generally speaking, a DMCA infringement scam attempt works like this:
1. Someone will write to you from one of the following scam websites:
- Nationwide Legal (Nationlaw.org, previously nationwidelaw.org but that got taken down, also previously nationwide-law.org, also taken down)
- Arthur Davidson Legal (arthurdavidson.com, also taken down)
- Taylor Wilson Smith Legal Services (www.taylorwilsonsmith.com), also taken down)
- Others, too, probably down by now.
2. They claim that you've used a copyrighted image, sending you a link to an imgur file rather than showing what's on your website.
It'll look something like this (this is copy-pasted from the email I received):
Dear owner of https://hooshmand.net/author/dana/page/6/,
You are receiving this legal infringement notice from Nationwide Legal Trademark Department due to the unauthorized usage of our client's image.
The use of this image: https://i.imgur.com/abcdef.jpg on this page is fine, as long as our client (Motorbike Tire Shop) is fully credited.
3. As you can see above, they don't ask you to take it down (it's not even an option!), but to credit a random website that they say is the originator of this image.
The entire thing is done automatically. This is obvious because look at the content of the latest one I received (also similar to the previous one)
Here's the full letter, screenshotted.
Obvious Signs of a DMCA Notice Scam
There are many fairly obvious signs of a scam using a DMCA notification, but the most obvious ones to me are the request for a link and the use of intimidating-sounding legalese.
If you've ever had the misfortune of having to read a legal document, you've probably noticed that they look quite different to this. They don't make arbitrary requests, and they don't make vague threats.
The reason they make these threats, of course, is to intimidate you. You think "Argh! I've done something bad", then comply out of fear.
The purpose of this scam is to generate backlinks for that website. The people doing this aren't lawyers; they're black hat SEOs.
Just in case, I even checked the image and couldn't find it anywhere on that page (or on my website).
Looking Deeper into the DMCA Notification Scam — More Red Flags
There are other obvious red flags, aside from the general nature of the content.
- The link they've mentioned on my site is one of the miscellaneous author pages, not a blog post.
- Someone from the "Trademark" department is writing about a DMCA notification, which regards copyright. (They're different areas of IP)
- There are obvious typos in the document, like unnecessary spaces or poor syntax. Law firms don't often make typos.
- "Jack Moore" not exist anywhere but on the company's website. No LinkedIn, no other publications, no references to universities... it's probably an AI-generated image (like from "This Person Does Not Exist")
- The email mentions a random case number, probably to make it sound legitimate.
- The antivirus notification in the footer is in Croatian.
The website looks legitimate, at first blush. They're using the old name from before they had to change to the new domain.
But look up the history of this website with any service — including archive.org, the website they themselves use — and you'll see that it has no history, no links, and no traffic.
For example, see the data below from moz.com's free domain analysis tool.
There's data for even the smallest websites I have which get just half a dozen pageviews a day.
So wow, "Motorbike Tire Shop". Scammy business. You've got a pretty sleazy SEO working for you. Sad.
Actual Requirements of a DMCA Notification
If you know what a DMCA notification needs to look like, it gets worse.
Have a look here, the official DMCA website. A DMCA takedown notification should, at minimum, contain (some of these are suggestions, but they're obvious and commonly used ones)
- A signature of the owner or of the person authorized to act on behalf of the owner of the copyright interest,
- Identification of the copyrighted work the claimant is claiming has been infringed,
- A description of the material that you claim is infringed, and the location where the original or an authorized copy of the copyrighted work exists (for example, the URL of the page of the web site where it is lawfully posted)
- A clear description of where the infringing material is located on the website including as applicable its URL so the claimed infringed material can be located,
- Name, address, telephone number, email address,
- A statement that you have a good-faith belief that the disputed use is not authorized by the copyright owner, and
- A statement by you, made under penalty of perjury, that the above information in your notice is accurate and that you are the copyright owner or authorized to act on the copyright owner's behalf.
Looking at the above letter, it lacks most of these things. There's no description of where the original content is, there's no signature, there's no statement of good-faith belief or that the information in the notice is accurate, and so on.
What to do?
If you receive a real DMCA infringement notice, heed it. Delete the content, and use content that isn't protected by copyright.
But if you receive a fake DMCA notice, like one from nationlaw.org or one of its aliases – By all means, ignore it.