A Cautionary tale for Bloggers

We received this email yesterday from our contact page.

Name: Mel



Message: Hi,

This is Melika and I am a professional photographer.

I was discouraged, to put it nicely, when I came across my images at your web-site. If you use a copyrighted image without my consent, you should be aware that you could be sued by the owner.

It’s unlawful to use stolen images and it’s so nasty!

Take a look at this document with the links to my images you used at wattsupwiththat.com and my earlier publications to get evidence of my legal copyrights.

Download it right now and check this out for yourself:

[nasty malware excel macro-enabled file link in email removed to protect our audience]

If you don’t remove the images mentioned in the document above within the next several days, I’ll write a complaint on you to your hosting provider stating that my copyrights have been infringed and I am trying to protect my intellectual property.

And if it doesn’t work, you may be pretty damn sure I am going to report and sue you! And I will not bother myself to let you know of it in advance.

FYI, the email address in the note above is invalid, which is why it is not redacted.

Checking the link and doing a bit of research, Anthony found this:

And this article entitled: The Contact Dermatitis and Clothing Connection, at cottonique.com

Which included the following message in the comments.

Moral of the story. Careful what you click on. Sometimes they ARE out to get you- with malware disguised as a lawsuit threat.

0 0 votes
Article Rating
Newest Most Voted
Inline Feedbacks
View all comments
June 18, 2020 2:21 am

Thank you very much for this information.

June 18, 2020 2:24 am

Any non-WOKE sites should be doubly careful that what this email threatens dose not actually happen to them, i.e. a copyright complaint to your hosting provider that shuts you down. Check your ToS carefully.

It is not just scammers out to get you, and frankly, the scammers are the least of the problems on the web these days. The woke will do anything to shut you down.

Reply to  Frenchie77
June 18, 2020 7:48 am

Replace woke with dope.

Joel Snider
Reply to  Frenchie77
June 18, 2020 8:13 am

I like the way the threat manages to sound very self-righteous and high-minded while they’re attempting to screw you over – not that I’m drawing any parallels…

Jack Black
Reply to  Frenchie77
June 18, 2020 5:07 pm

Any threat to sue you in the courts with alternative demands to avoid suit, are never serious. People who sue just sue, and you’ll know soon enough when Court bailiffs or Sheriff’s officers come knocking on your door. All other threats and demands for cash etc, should be met with the universal mollification …..
Please refer to “Arkell v. Pressdram” … Look up that reference in your chosen search engine etc .

Ha !

John Endicott
Reply to  Jack Black
June 22, 2020 5:30 am

Yes and no. There are certainly plenty of people looking to scare you into settling who have no real intent to actually sue you (they just want the money) – the reply given in Arkell v. Pressdram would certainly be appropriate for such individuals.

The fact is, however, there are people with (what they consider) legitimate reasons to want to sue, and the desire to act on them, who will still often give the opportunity to settle before it gets that far (and settlement could be as simple as “ceasing and desisting” the offending behavior). Why? because lawsuits are expensive & time consuming and the outcomes are never guaranteed (no matter how “airtight” you think your case may be). All the reply given in Arkell v. Pressdram would accomplish is to guarantee that such people would press forward with a lawsuit (so you best have a good attorney on retainer) regardless of how strong or weak you might think their suit would be. Whereas a more nuanced and reasoned reply (IE pointing out to them why they don’t have a legitimate case or, if they actually do have a legitimate case, coming to a reasonable agreement) might result in calmer heads prevailing and such lawsuits avoided.

The bottom line is most people don’t actually want to go to court. Yes, scammer try to capitalize on that and most such “demands” most of us will ever see will be of the scammer variety, but not all people who offer an alternative to being sued are scammers. Some really do have (what they see as) a legitimate grievance and really are offering a chance to avoid going to court (they don’t want to spend the time and money in court any more than you do)

June 18, 2020 2:29 am

I know the owners of a small company who fell for this scam 10 years ago and paid the scammers $10k. It works.

June 18, 2020 2:55 am
Reply to  Sera
June 18, 2020 8:59 am

im not clicking on that 🙂

Ken Irwin
June 18, 2020 3:25 am

I specifically ignore threats of lawsuits.

When they get real they come and visit you – until then (expletives deleted).

Don’t ever click on any link unless you actually know the sender and are expecting it.

If you ignore it and it is important they will follow up – don’t sweat it.

I never respond to queries from my bank without confirming by telephone.

99 out of 100 are scams.

James Bull
June 18, 2020 3:26 am

I thought of the logo from these videos when I saw the image. So maybe it’s not such an original image after all.


James Bull

June 18, 2020 3:39 am

So, what were the pics it was claiming? Could probably find out who they actually belong to so they can get in on the maltroll stomping party.

George S Ellis
Reply to  2hotel9
June 18, 2020 6:01 am

There aren’t any. Reread it. The link was to malware.

Reply to  George S Ellis
June 18, 2020 6:58 am

Thought perhaps they did and CR did not show for other reasons. I have run good security for a long time, set up by IT pro not me, so I or my wife and son have not had any problems. Would love to see these kinds of a$$hats get the electronic and legal equivalent of claymores and napalm used on them.

Mark H
Reply to  2hotel9
June 18, 2020 9:06 pm

There are people who do that, here’s an example of one guy destroying the scammers computers, almost 30 minutes, but if you want to see what gets done to them, here it is:


There are a few youTube channels that are basically this, skilled IT guys pretending to be highly naive users while they infiltrate and destroy the scammers computers (sometimes the whole call center full of them).

Henrik Oelund
Reply to  Mark H
June 19, 2020 1:11 am

Please watch the one where he changes the amount and they want him to buy gift cards at Target!
He poses as a woman – Nevaeh….heaven spelled backwards 😆
He’s a genius!!!

Reply to  Mark H
June 19, 2020 12:24 pm

Years ago I followed a site dedicated to scamming the scammers (scam baiting), basically they went after the Nigerian 419 scam. The hoops they could get these scammers to jump through by holding out the promise of money was amazing and entertaining. In writing this I checked the website, looks like they are still active. Some good reading if you want to waste an hour or two, 419eater.com. I didn’t link it so you can be sure I’m not scamming you!!!

Mark H
Reply to  2hotel9
June 18, 2020 9:07 pm

There are people who do that, here’s an example of one guy destroying the scammers computers, almost 30 minutes, but if you want to see what gets done to them, here it is:


There are a few youTube channels that are basically this, ski11ed IT guys pretending to be highly naive users while they infiltrate and destroy the scammers computers (sometimes the whole call center full of them).

Edit: this time without the problematic keyword

Gunga Din
Reply to  2hotel9
June 18, 2020 3:32 pm

Only if the link was legit. The claim was the bait. “What pics? I think I’ll click to see.”
Hooked! Reeled in!
If you are genuinely concerned, maybe hit “Reply” and ask if they’d send a few screenshots as attachments?
(Lots of computer gurus on this site. Would that be a safeguard or could an email attachment be just as bad?)

Patrick MJD
Reply to  Gunga Din
June 18, 2020 8:54 pm

In Windows 10 there is something call Sandbox, where you can run a virtual Windows 10 system under Windows 10. You can do what you like in there and when you shut it down it will delete everything. Very good to testing out dodgy sites and content etc…

June 18, 2020 3:50 am

Dont open any link you dont absolutely trust. Look at the senders email, often the address will be junk, even if they are spoofing a known contact.

Dodgy Geezer
Reply to  Matt_S
June 18, 2020 4:13 am

It is remarkably difficult to know whether to trust a link or not.

There are a set of malware scams around which ask you to click on a link to get a parcel delivered. if you are expecting a parcel, and the email carries all the correct mail company logos, etc, how do you know whether you can trust it?

There really is no completely reliable way to confirm that a request is genuine, beyond chasing up the original company through a different communication channel. Which could be half a day’s work…

Bryan A
Reply to  Dodgy Geezer
June 18, 2020 4:51 am

Best thing to do in that regard is to go to the mailers website directly rather than through the link like Amazon.co upon a fresh page and go to Amazon directly rather than through the link

Dodgy Geezer
Reply to  Bryan A
June 18, 2020 7:57 am

Yes. That I why I said ‘a different communication channel’….

Reply to  Dodgy Geezer
June 18, 2020 5:19 am

whats really odd about those is they tend to start coming in when I buy on ebay especially
suspect theres some link spyware etc being used but damned if I know how.

Reply to  Dodgy Geezer
June 18, 2020 5:35 am

“beyond chasing up the original company through a different communication channel. Which could be half a day’s work”

You go to the websites known address in your browser and enter your tracking number. Takes 30 seconds. You want your banking details ripped off and lose thousands instead?

Look at the senders address. If it is a load of garbage lahwefhlauhva@/com, even if the company logos are accurate, you KNOW it is a scam.

Come on, apply some basic computer science here!

Dodgy Geezer
Reply to  Matt_S
June 18, 2020 7:43 am

“You go to the websites known address in your browser and enter your tracking number. Takes 30 seconds. ..”

Not much point asking a website if someone has just sent you a parcel. You need to talk to a human. Then they need to trace the part of the company that might have done so – which, of course, does not exist. You will be waiting several hours for an answer from them, and you probably will never get a definitive one…

Richard Patton
Reply to  Dodgy Geezer
June 18, 2020 10:41 pm

If it is Amazon you go to their ‘my orders’ page to check. And then there is this, the bogus Amazon deliver notification that I received went to an e-mail address that isn’t in Amazon’s system. Generally, there are lots of clues, you just have to be always suspicious. (Sigh, that is one of the major downsides of the computer age, it makes it so much easier for the bad guys to try to scam you)

John Endicott
Reply to  Dodgy Geezer
June 22, 2020 4:39 am

Not much point asking a website if someone has just sent you a parcel. You need to talk to a human

not really. Most e-commerce sites (such as Amazon) are already set up to help you track your delivery. You just log into their site, go into your orders and you can find out if the order has been sent yet, what delivery service (UPS, FedEx, etc) it’s coming by, when it’s expected to arrive, and even where it’s at in it’s journey from their warehouse to your mailbox. No human interaction required.

Reply to  Dodgy Geezer
June 18, 2020 7:02 am


. . . how do you know whether you can trust it?

In your case, generally scam emails will contain links pointing to domains other than the shipping company within the header portion of the email. If I’m looking into something like this for me or mine, I’ll check there first.

Here’s a primer:


Reply to  Dodgy Geezer
June 18, 2020 7:09 am

I usually look at the URL in any questionable Email and often run “whois” to see how long the domain has been around.

Some times I’ll disable javascript and open it anyway – Linux does a decent job of protecting me from things like Excel spreadsheets and other Microsoft targets.

Reply to  Dodgy Geezer
June 18, 2020 7:20 am

re: Dodgy Geezer June 18, 2020 at 4:13 am
It is remarkably difficult to know whether to trust a link or not.

Dodgy comment … just sayin. (Don’t believe everything you READ on the ‘internets’.)

See comment below by sycomputing for your ‘answer’ vis-a-vis e-mail header examination et al.

Dodgy Geezer
Reply to  _Jim
June 18, 2020 7:55 am

No point analysing the email header. That will tell you which machine sent the message. how do you know if that machine belongs to the company it claims?

Recent spams to me included this email address – purporting to come from a bank in the UK called NatWest:


How do I know whether this is a valid NatWest address? No point checking the certificate, or the geographical location – big banks sub-contract a lot of their services off to companies in foreign parts. I could get in touch with the bank – chasing that down would take more than a day.

The message was an obvious scam to me – but I have had a lot of experience in dealing with these. I can’t think of a simple rule that an inexperienced person could follow which would clearly differentiate a scam from a real message – and if one could be created the scammers would immediately find a way to break that rule….

Reply to  Dodgy Geezer
June 18, 2020 8:40 am


how do you know if that machine belongs to the company it claims?

Well, e.g., here’s one way:


Here’s another:


And another:


If you know what you’re doing there’s several methods to check all this. I promise. 🙂

but I have had a lot of experience in dealing with these.

You might have had a lot of experience in receiving spam, but clearly you don’t have any experience in troubleshooting it.

Take care!

Tom Abbott
Reply to  Dodgy Geezer
June 18, 2020 8:52 am

“There really is no completely reliable way to confirm that a request is genuine”

I run a program called “Scotty the Watchdog”. It won’t allow anything coming over the internet to install itself on my computer. It will put up a warning screen telling me a program is trying to install itself and do I want to allow it.

That has saved my bacon at least once in the past.

There are other programs out there that will do something similar.

The best advice is to not click on links if you can help it.

For Firefox, the script blocker “NoScript” and “Scotty the Watchdog” have kept me out of trouble surfing the internet for years. I don’t even use an anti-virus program because I don’t think a virus can successfully install itself on my computer with my current setup. Of course, one also has to use a little common sense.

No one.
Reply to  Dodgy Geezer
June 18, 2020 9:41 am

I received an email, supposedly from my email provider, that I was over my storage limit and that there was a solution. This was a year or so ago, and it read wrong, so I just deleted it. More recently I received another one, and decided to look at it closely to see if there was anything obvious.

I looked at the source. First indication is that it had passed through multiple providers instead of directly to me. You would think an email from your provider wouldn’t do that.

I kept looking. Buried in the middle was an web address ending ‘.ru’. Dead give-away.

Richard Patton
Reply to  Dodgy Geezer
June 18, 2020 10:36 pm

Usually, my first clue is the e-mail address, which doesn’t match the company it is purported to be from. For instance, I got a “delivery confirmation” supposedly from Amazon for a $1500 home theater to an address in California. The domain was delievery-confirmation.com and the notification was formatted completely differently from Amazon’s confirmation. It also had in several places a note that if the order was in error to call a certain telephone #. Amazon’s notifications do not have that notification.

Just Jenn
June 18, 2020 4:12 am

AOL still exists? Really? /sarc

Love the language in that email, specifically derived to make anyone that follows rules and regulations shameful and nervous enough to click on the link.

Copywrite issues are not worded this way–I should know, I have been on the receiving end of a Cease and Desist for honestly something quite innocent, but it offended the lady that thought I stole it(I didn’t, and I was more successful than her at the time in my small sphere and she knew it….but she was angry at more than the use of a word string).

Steve Case
Reply to  Just Jenn
June 18, 2020 6:47 am

AOL still exists? Really? /sarc

I haven’t had trouble with my name associated with AOL for a long time. People used to associate me with that guy who is in the top ten of Hawaiian land owners but not for a long time now.

Reply to  Just Jenn
June 18, 2020 7:12 am

Copyright, not copywrite. The issue is the rights authors have to their works, not what they can write about.

Just Jenn
Reply to  Ric Werme
June 19, 2020 4:46 am

LOL, thanks, I completely missed the spelling error

Tom Abbott
Reply to  Just Jenn
June 18, 2020 9:05 am

“AOL still exists? Really?”


I still have my AOL account. I got one with my real name on it (that means I got there real early).

I remember having to call long distance to connect to AOL on a 28k modem. I don’t use it much now, I just log in occasionally. AOL used to charge a monthly fee, but now they give it to me free.

America Online.

Gunga Din
Reply to  Tom Abbott
June 18, 2020 3:46 pm

Me too.
One of my security things sent me a warning several years ago about “suspicious activity” so I changed the password I used “back in the dial-up days” to something I HAD to write down to remember it. (Glad I have one of those “password managers”!)

Jeff Alberts
Reply to  Tom Abbott
June 19, 2020 12:44 pm

When AOL changed their name from PCLink/AppleLink/etc to AOL, I believe the fastest speed available for public access was 9600, might have been 2400, my memory is a little fuzzy on that one.

You would have been using the dial up service that I worked for at the time, Telenet. It was actually the world’s largest X.25 network at the time.

I had a few meetings with a couple folks at AOL to work out their connection scripts for the new software. Then, a couple years later, their data center was built up the road from where I lived, Ashburn, VA. I think they called that little are Dulles, VA.

MCI/Worldcom also had their world HQ in that same area, shortly after, they went under, and that huge new building sat empty for years.

June 18, 2020 4:18 am

Download it right now and check this out for yourself.

There’s a dead give away.

You should just be able to go there and look at it. Why should you have to download anything? (You shouldn’t. Don’t do it.)

June 18, 2020 4:27 am

Oh, I’ve seen this repeatedly. Someone picks up a name from a list of names, uses that as a ‘sender name’, and tries to fool me, when all I have to do is put the pointer on the “familiar’ name to find out who the sender really is. They all end up in junk mail, labeled ‘phishing’. Bunch of scumbags, nothing else.

June 18, 2020 4:38 am

I see these all the time, I’ve had the same email addresses for a very long time.

A few things – “ It’s unlawful to use stolen images and it’s so nasty!”, this sort of childish sentence structure is usually a dead giveaway. There are also usually poor word choices (Thank you, Google Translate!), poor grammar, and other telltale signs.

If you have to open some kind of file to see what they are complaining about, don’t do it. S link can take you right to your page, and any questionable art/images, unless, of course, it doesn’t go to your website, another dead giveaway.

If there’s an attached file, and you weren’t expecting it, those are often fake. If it comes from a known sender, check with them prior to opening it. Most have malicious code, links, or other means of infecting your machine.

I’m sure many of us know this, but a commenter asked “Where’s the image?” There is none, it’s all a vague effort to get you to open an infected file, there is no actual grievance, the sender likely doesn’t even know where this thing has been sent.

June 18, 2020 4:56 am

You can analyze questionable emails, attachments and URL’s at https://www.virustotal.com/.
An Alphabet owned company, this site will run links and files through 60+ virus engines.
Great for finding new Zero-day malware and other nasties.

Eric Vieira
June 18, 2020 5:14 am

Hackers are very keen to use macros on MS-office applications. Few scanners examine office macros, they’re cross platform compatible (OSX, Windows, Linux) and most people use MS-office software.

As mentioned above, never click on a link in an email.

Håvard Furulund
June 18, 2020 5:29 am

BTW: Melika (or Meleca) is the word for snot in portoguese. 😉

Right-Handed Shark
June 18, 2020 5:45 am

I use a program called MailWasher, it looks at your emails on the server and is pretty good at identifying spam and malware and flags it up as such. You can then mark anything “iffy” for deletion, or bounce it back to where it came from before downloading legit emails.


This is NOT a paid promotion 😀

Reply to  Right-Handed Shark
June 18, 2020 6:49 am

Actually you can even spoof a valid link like this one. The “a” tag allows you to rename a link, so you can put out a damaging link and have it display as a valid one. The best thing in to right click the link and click the “inspect” option to make sure what is displayed is what if referenced in the href= parameter before you click it if you don’t know to trust it.. or just don’t click it if you aren’t sure.

The great thing about WUWT is a lot of the posters are known to us all and the board is moderated. Heck, you can even trust Steven Mosher’s links, just not necessarily the information behind it 🙂

Reply to  rbabcock
June 18, 2020 8:20 am

rbabcock, yes, I found that out when spammers sent me threatening emails from seemingly my own email address. Alittle searching & questions helped me determine that it was a spoof & where it actually came from (of course that site might have been a spoof too).

Reply to  rbabcock
June 18, 2020 8:26 am

Yes, I’d prb’ly even trust Stokes’ links. 😉

Federico Bär
Reply to  Right-Handed Shark
June 19, 2020 10:29 am

@Right-Handed Shark: This seems to be useful, thanks for the suggestion. Of course I do not doubt your good intentions but, supposing I did, how can I be sure that your link takes me to a bona fide site?

June 18, 2020 8:13 am

Hmm. Would this malware have worked on Linux (from which I’m posting)?

Toby Nixon
June 18, 2020 8:32 am

The bastards!

June 18, 2020 8:39 am

Lately I’ve been getting emails “from” Netflix telling me they couldn’t process my payment for (fill in present month) and of course I need to click on something to get it straightened out. Riiight. Even if I HAD a Netflix subscription, which I don’t, and won’t, I’m not that stupid. I just report it as phishing to the email provider and delete.

I also get them from other supposed companies which I DO have accounts with, but since I gave a totally different email address to them (plus I KNOW they never send emails like that), I first report the emails to the company they’re imitating (such as a bank), since I think they’ll be interested (I doubt Netflix gives a rat’s rear). THEN I report them as phishing to my email provider.

Even if I think the email MIGHT be ligit, I go directly to the proper website to check. I NEVER click on links in an email I’m not expecting, no matter how trustworthy it might look.

Reply to  Barbara
June 18, 2020 11:16 am

How do you reporting phishing to Yahoo email provider?

Jim Olson
June 18, 2020 8:56 am

Charles, This is info is most enlightening, helpful and appreciated.
Thanks for posting.

Tiger Bee Fly
June 18, 2020 10:44 am

Sue THIS! (indicating both extended middle fingers)

Laws of Nature
June 18, 2020 11:11 am

Melware attack!?

Joz Jonlin
June 18, 2020 11:38 am

I have no reason to be extremely careful. I’m very aware of the sites I visit or files I download. If I have any doubt whatsoever about something, I use a Sandboxed version of Windows 10 to browse or open files. It doesn’t matter what it is or how nasty it is, once I restart my sandboxed version of Windows, it all goes away. This is highly recommended for kids browsing the internet or senior citizens who have no idea what they’re doing online. It’s not difficult to implement and it’s simple to fix if you get something nasty. Problem solved.

June 18, 2020 12:59 pm

I must say that throughout the years I have been greatly relieved to know that someone with an English accent of India named John, or a friend of his, has called me on the phone to personally warn me that my computer has a virus & is ready to help me fix that.

Reply to  gringojay
June 18, 2020 10:22 pm

Hmmm, I get calls and E-Mails from Bob in the Phillipines (but he says he’s in New York).

Pat from kerbob
June 18, 2020 1:28 pm

I’ve been around and published long enough that I have a couple Nigerian scam letters, postmarked and delivered from Nigeria back in the 90s.
Been online forever, using credit cards and have never been compromised yet.
Never click a link or attachment from unknown address
Never with emails from government or law enforcement
If I get something from someone I know I will send them a separate email or text asking if they sent it or if they were hijacked.

I think it should be like the environmental fee we pay when we buy tires, when you pay for some web connected device you pay $10 into a kitty used to pay people to track and eliminate these scammers.
Pure criminals, eliminate them

Lewis P Buckingham
June 18, 2020 1:54 pm

My site had a similar message. I sent it to ScamWatch
We always look for pictures in the open domain before publishing.
Recently I was sent one that advised that a whole lot of scammers had been caught and the IMF was sending me $US 850000, all I had do is click on the link.
If the US does not have a Scamwatch it would be worth setting one up.
With AI now the scammers are more organised.
My theory is that rather than deleting first, I send the scammers to scamwatch and then delete.
This means that group will eventually leave me alone, if their AI is any good.

High Treason
June 18, 2020 2:49 pm

Luckily, most of the criminals are not good at writing letters. The wording of scams is typically very amateurish, alerting the BS meters.
If in doubt, I will put the name of an organisation and “scam “on the browser as a quick check.
For phone based scams, I go to reverse Australia. Enter the number and it will often be reported as a scam. Then block it on the phone.
I once had such a scam number ringing all day via a phone diverted to my phone-over 35 times during the day, interrupting my work-completely bogged my message bank. One time though when I was thinking of ignoring it, the call was from a senior member of Parliament-a call I had been hanging out for. Luckily the patient in the chair was also a fan of the said political figure and it was time for a break anyway.

June 18, 2020 7:24 pm

When you have so many people in lockdown with no work, this type of thing would be expected.

They are like locusts.

Patrick MJD
June 18, 2020 8:02 pm

Any image that is published on the web is free and fair game IMO. As long as you are not claiming it to be yours or making money from it. But is AOL still a thing?

John Endicott
Reply to  Patrick MJD
June 22, 2020 4:23 am

Publishing it, even on the web, does not negate copyright. Enforcing copyright on the web, on the other hand, is pretty much a game of whack the mole. Scammers see that and view it as an opportunity to scam.

Tom Abbott
Reply to  observa
June 19, 2020 3:56 am

Yes, it looks like the Chicoms are trying to make an example out of Austrailia.

Let’s make sure the Chicoms learn they can’t intimidate Australia. I think Trump is more than willing to help in this endeavor.

The other nations in the region should be helping Australia, too, because they are going to be the next on the Chicom’s list, if they don’t.

June 19, 2020 4:57 am

Thanks for the heads up on the scam.
I’ve seen the same images on public domain image sites that one has to pay for elsewhere. Not sure if someone is using the free photos for profit or what. I’ve posted a few freebies myself. I try to use my own pics or public domain images – those from the DNR, National Parks, etc.

June 19, 2020 5:25 am

Mind you I think the snowflake generation should stick to sexting which will please the zero population crowd no doubt-
If this keeps up the grandkiddies aren’t going to know what snowflakes means but a glimmer of light appears down under-
Screw the usual suspects ScoMo.

%d bloggers like this:
Verified by MonsterInsights