How to Defeat an AI-Powered DMCA Scam

On April 13, Ben Dickson at The Next Web received an email from a lawyer with the name Nicole Palmer with the subject “DMCA Copyright Infringement Notice”.

The letter was courteous and said that Dickson had used an image without permission. They were happy to have the image used, but simply wanted attribution back to the source. 

Dickson, however, began to investigate and found that he had obtained the photo from a free stock photo site, one that doesn’t require attribution. When he followed up, he never received a response.

That didn’t stop his investigations, as he realized that the law firm and the lawyer were both fake. Though the “firm” had a realistic-looking domain with all the information one my expect, the firm didn’t exist and the “lawyers” were actually AI-generated faces.

Dickson then reached out to the client, who denied any relationship with the fake firm. This caused the website to go down and seemingly bring an end to this particular.

However, this is far from the only DMCA scam out there. As we discussed in March 2021, many scammers are turning to fake copyright notices as a way to extort money, push malware, obtain backlinks (as in this case) or obtain personal information. 

But the AI element adds a new layer to this scam. Between the legitimate-looking website and the AI-created faces, the scammers are getting smarter. As such, we have to be smarter about how we respond to these kinds of notifications.

Spotting the Mistakes

As someone who sends a large number of DMCA notices as part of his work, Immediately see a large number of strange things in the original notice.

First, the subject of DMCA Copyright Infringement Notice is strange. It’s not a DMCA notice, a DMCA notice requires six separate elements, almost none of which are in this email. Furthermore, DMCA notices are sent to the hosting provider of a website, not the website owner. For example, if I’m sending a DMCA notice regarding a site hosted on GoDaddy, the notice goes to GoDaddy, not the website.

But neither of these things alone are that peculiar. Many DMCA notices are cc’d to webmasters, and it’s at least conceivable that a lawyer (or at least someone posing as one) might include the letters “DMCA” in the subject line to make sure the email gets attention. 

However there are still other oddities. The fake lawyer identifies herself as a trademark attorney, but is handling a copyright issue. It refers to the Wayback Machine as a “permanent public archive” though it is far from that

The letter also makes reference to a “DMCA legal case”, which is simply not a thing. It would be a copyright infringement case. 

Also, something that Dickson noted, it points to an Imgur link as the original rather than somewhere with greater proof of ownership.

However, the biggest issue I see is that the letter just isn’t written like a lawyer or even anyone in the legal field. It broadly misuses terms, misunderstands how the law works. Simply put, I would expect a very different tone and style from an actual lawyer.

The fake website also had some issues on closer examination. For example, one section claims that the firm as “13 Years of Legal Lawyer Professional Experience”, which is a pretty nonsensical sentence. However, much of the website is written in a way that sounds like legal speak, but without making any real sense. Most likely, it was written through some sort of automated process, whether scraping and spinning or through AI writing.

But while these mistakes are fairly obvious to me (and I’m sure others familiar with the DMCA process or the legal system broadly), they aren’t going to be as obvious to laypeople who may be having their first brush with copyright law or even their first legal threat ever.

For those individuals, this could be a very scary letter and, when you consider it’s backed up by a full website and AI-generated lawyer faces, it’s easy to see why many could be fooled by it.

How to Avoid the Scam

Dickson was able to thwart the scam in large part because he carefully sources his images. Either seeking out public domain licensed images or stock photos from libraries he has legal access to. 

By knowing where his image came from and finding it quickly, he thwarted the scammer and, in turn, begin his very detailed and thorough investigation (which is well worth a read as it shows off many of the techniques used to catch scammers and infringers alike).

If you know where your images come from and that you are using them correctly and legally, scams like this shouldn’t be able to get you. It’s that simple.

Failing that, the rest of the advice that I gave last year still applies. Don’t click any links in the letter (many are simply malware traps), search for the text of the letter itself to see if others are talking about it, and search for not just the law firm, but the party making the claim.

If you can’t determine the legitimacy of the letter, talk with an attorney about it. They can help you analyze the letter and determine its legitimacy. A very short conversation can save you a lot of headaches down the road.

Ultimately, it’s better to be safe than sorry, but safe should involve speaking with a lawyer first, not simply blindly complying with the demands of the letter. 

Bottom Line

If you want to know how far these scams reach, I’ve actually received one myself. Several years ago, I got a similar request for a spammy link on an image I used. When I found the image on Pexels, I contacted them to explain, and they never wrote back.

However, my letter didn’t come from a fake lawyer. It was just a random person sending me an “attribution request” for their photo. It’s obvious that, in the years since that, scammers have begun to ramp up both their scare tactics and deception. 

In the end, the best defense to these kinds of scams is understanding the law and knowing where you sourced your content. If you know where you got your images, it should be nearly impossible for someone to fool you in this manner.

But these scams aren’t meant to fool the knowledgeable. They target laypeople that they hope won’t be able to spot a questionable copyright claim, especially if it’s backed by a shoddy but professional-looking website and a bunch of AI-generated faces.

So be careful out there, be aware that this is happening and be careful not to panic when you receive a claim of copyright infringement, it’s quite possible that it’s just a scammer wanting you to link them or give them money. Nothing more.