In the past week, we have received 2 reports from clients about a malicious scammer named "Mel" ("Mellie" in one case and "Melina" in the other) filling out their website form, and very aggressively claiming copyright infringement.
The email arrives via your website contact form and accuses you of using copyrighted website images and asks you to click on a link to see the list of the images that are in violation. (DON'T CLICK THE LINK.) The writer threatens to file a complaint with your hosting company and sue you.
The text of the first scam phishing email was:
Hello there!
This is Mellie and I am a qualified illustrator.
I was baffled, frankly speaking, when I came across my images at your website. If you use a copyrighted image without my approval, you need to be aware that you could be sued by the owner.
It's illegal to use stolen images and it's so nasty!
Take a look at this document with the links to my images you used at [website URL] and my earlier publications to obtain evidence of my copyrights.
Download it now and check this out for yourself:
[Redacted link to the phishing site]
If you don't delete the images mentioned in the document above within the next several days, I'll write a complaint against you to your hosting provider stating that my copyrights have been infringed and I am trying to protect my intellectual property.
And if it doesn't work, you may be pretty damn sure I am going to report and sue you! And I will not bother myself to let you know of it in advance.
Some of the professions the scammer is claiming to be include:
- Professional Photographer
- Licensed Photographer
- Experienced photographer and illustrator
- Qualified illustrator
And the sender is going by names similar to "Mel" including:
- Mel
- Melinda
- Melina
- Mellie
- Melisha
- Melaenis
- Melissa
- Melaida
- Melitta
- Melcia
- Meladia
- Melecia
- Meleena
- Melea
- Melangelle
- Melaina
- Melanka
- Melibella
- Melnikon
- Melane
The scammer uses different fake email addresses, fake phone numbers and variations on the last name, as well.
What is the Goal of this Phishing Scam?
The end goal of the scam isn't clear, but the immediate goal is to scare you and get you to click the link.
Clicking the link may take you to a file download or a website that may allow the hacker to seize control of your device (if your device is not protected by sufficient antivirus software to block it). It may take you to a phishing page asking you to enter more information, which you should never do.
The hacker may then be able to do one of the following:
- Hold your device hostage demanding a ransom
- Exploit having access to your machine to compromise your other accounts like email or banking
- Inject worms/viruses that infect your machine and use it to launch attacks against others
Take a look at how similar the wording is for the second email one of our clients received this week:
From: Mel [mailto:[REMOVED]]
Sent: Monday, August 3, 2020 12:02 PM
To: [REMOVED]
Subject: Why do you use my images for [REMOVED] without my consent! It's unlawfully! It violates my rights! You must remove images right now!From: Mel <[REMOVED]>
Subject: Why do you use my images for [REMOVED] without my consent! It's unlawfully! It violates my rights! You must remove images right now!Message Body:
Hi there!This is Melina and I am a experienced photographer and illustrator.
I was surprised, to put it nicely, when I came across my images at your web-site. If you use a copyrighted image without my consent, you need to be aware that you could be sued by the owner.
It's illegal to use stolen images and it's so nasty!
Take a look at this document with the links to my images you used at [REMOVED] and my earlier publications to get evidence of my legal copyrights.
Download it now and check this out for yourself:
[MALICIOUS URL REMOVED]
If you don't remove the images mentioned in the document above within the next several days, I'll write a complaint against you to your hosting provider stating that my copyrights have been infringed and I am trying to protect my intellectual property.
And if it doesn't work, you may be pretty damn sure I am going to report and sue you! And I will not bother myself to let you know of it in advance.
--
This mail is sent via contact form on [REMOVED]
How to Spot a Phishing Email
- Awkward Grammar: Look for awkward grammar and word usage such as "It's unlawfully!", in this case.
- Check Spelling: Bad spelling is also another red flag.
- Hover Over a Link to See the True URL (but NEVER click it): Phishing scams will try to hide the true URL to which the link leads. When you hover, you can see the true destination of the URL, regardless of what the link says.
- Be Suspicious of Unsolicited Attachments: Never click on or download an unsolicited or unexpected unusual attachment. Always be suspicious of this.
- Don't Let Them Intimidate You: Phishing email attempts frequently try to elicit an emotional response from you by using inflammatory or threatening language such as the threat to sue you and file a complaint with your host in this example. Another common tactic is to threaten that an account has been suspended or that you have committed a crime or are in violation of an agreement. Always be suspicious and take a beat before acting on any communication that uses threats.
Have you received a similar email via your contact form?
Since we've had 2 reports this week, we wanted to spread the word about this scam since it is using a fairly effective scare tactic to use against businesses. Let us know in the comments if you've received a similar phishing scam email via the contact form on your website.
Did you click the link?
Check out our resource page for what to do if you clicked the link in a phishing email.

I received this on Friday. My gut feeling was I was being scammed so I was pleased to see your article which my website builder forwarded when I queried it with him. I had clicked the link but quickly closed the page down – it took me to google docs – hopefully no harm done.
“This is Melane and I am a certified photographer.
I was baffled, putting it lightly, when I found my images at your website. If you use a copyrighted image without an owner’s approval, you must be aware that you could be sued by the copyright owner.
It’s not legal to use stolen images and it’s so mean!
Take a look at this document with the links to my images you used at [url removed] and my earlier publications to obtain the evidence of my copyrights.
Download it now and check this out for yourself:
[url removed]
If you don’t get rid of the images mentioned in the document above within the next several days, I’ll file a complaint on you to your hosting provider informing them that my copyrights have been severely infringed and I am trying to protect my intellectual property.
And if it doesn’t help, trust me I am going to take legal action against you! And I will not bother myself to let you know of it in advance.
Telephone: 12122319092”
Thanks for sharing what you received.
I got one of these today. I replied to the email and it bounced, so I contacted my webhost. While waiting for them to check some things I googled some of the content and found this post with very similar wording.
You are not allowed to use my images for [[DomainName]] without my permission! It’s illegitimate! This is a lawsuit against my rights! You must replace them out now!
Hello, This is Mel and I am a professional photographer. I was surprised, mildly speaking, when I saw my images at your web-site. If you use a copyrighted image without an owner’s permission, you should be aware that you could be sued by the copyright holder. It’s against the law to use stolen images and it’s so mean! Take a look at this document with the links to my images you used at [[DomainName]].com and my earlier publications to get the evidence of my ownership. Download it now and check this out for yourself:
The link looks like it goes to google drive…
Thanks for sharing
I’m a web developer and one of my clients received the exact email as Mark Johnson stated above. My client was really confused, as he is using only legally licensed imagery on his website. Of course I explained to him what was actually happening, and pointed him to this article – thank you Liz for taking your time to write it!
But what can be done, if you’re a website owner and want to prevent this from happening again?
On a WordPress-driven website, just install one of the many “Captcha” plugins which will protect the contact forms from being filled in and submitted by automated scripts. Otherwise (if your website is driven by other technologies/frameworks), you might wanna get in touch with the company or developer who built it, and ask them to implement human checking measures into all the website’s contact forms.
Hope this helps!
You’re welcome…thanks for the comment!
1st time receiving this yesterday. I was definitely concerned but wary.