Is this a scam?

[Nebu]

Got this in an email with attachments this evening.  It smells of scam (poorly written and wants me to open attachments). Highlighted one obvious poor word choice.

CEASE AND DESIST DEMAND
Pursuant to Title 17 of the United States Code and International Copyright treaty

VIA CERTIFIED MAIL AND EMAIL

February 20, 2016

This law firm represents Digital Canvas Inc. If you are represented by legal counsel, please direct this letter to your attorney immediately and have your attorney notify us of such representation.

We are writing to notify you that your unlawful use of copyrighted infographic chart infringes upon our client's exclusive copyrights.  Accordingly, you are hereby directed to

CEASE AND DESIST ALL COPYRIGHT INFRINGEMENT.
All copyrightable aspects of the infographic chart are copyrighted under United States copyright law and Digital Canvas Inc. is the owner of such copyright. Under United States copyright law Digital Canvas Inc.'s copyrights have been in effect since the date that the material was created.

One of your student has bought this to our attention and provided necessary evidence, that you have been using our client's infographic chart within your classroom material. Evidence includes photos of you presenting the unlawfully copied infographic chart in a classroom. We have also obtained and preserved as evidence, a copy of your presentation slides which contain an unlawful copy of our client's infographic chart [see attachment]. Your actions constitute copyright infringement in violation of United States copyright laws.  Under 17 U.S.C. 504, the consequences of copyright infringement include statutory damages of between $750 and $30,000 per work, at the discretion of the court, and damages of up to $150,000 per work for willful infringement.  If you continue to engage in copyright infringement after receiving this letter, your actions will be evidence of "willful infringement."

We demand that you immediately (A) cease and desist your unlawful copying of our client's infographic chart and (B) provide us with prompt written assurance within ten (10) days that you will cease and desist from further infringement of Digital Canvas Inc.'s copyrighted works.

If you do not comply with this cease and desist demand within this time period, Digital Canvas Inc. is entitled to use your failure to comply as evidence of "willful infringement" and seek monetary damages and equitable relief for your copyright infringement. In the event you fail to meet this demand, please be advised that Digital Canvas Inc. has asked us to communicate to you that it will contemplate pursuing all available legal remedies, including seeking monetary damages, injunctive relief, and an order that you pay court costs and attorney's fees. Your liability and exposure under such legal action could be considerable.

Before taking these steps, however, my client wished to give you one opportunity to discontinue your illegal conduct by complying with this demand within ten (10) days. Accordingly, please sign and return the attached Agreement within ten (10) days to

Traverse Legal, PLC
810 Cottageview Drive, G20
Traverse City, Michigan, US 49684
Fax: (310) 932-0411
Consult the attached documents for further information about Digital Canvas Inc.'s copyright claim and infringement details. If you or your attorney have any questions, please contact me directly.

Sincerely,

Brian A. Hall

I'm thinking I'll wait and see if something comes certified mail.  I honestly can't think of a single infographic I've used in a lecture, unless it was as a joke or a bad example of something.

[Trippy]

Sounds like a scam. If you have access to a burner computer you can save the attachments to there and run a virus scan on them to confirm.

[MahrinSkel]

Traverse Legal PLC exists, and does appear to have a Brian Hall on staff, and does focus on IP law. So it is possible it's legit. I'd wait for the certified letter, or try opening the attachments on a tablet I could easily revert to factory defaults.  Well, actually I'd use the same sandboxed virtual machine running an emulation of an Android tablet I use when checking out trolls and hackers, but since you're probably not used to checking out places that make you want to drop your hard drive in acid, reverting a tablet is the next-easiest way.

--Dave

[Pennilenko]

Do what I do and open sketchy stuff in a virtual machine with a trial edition of windows installed on it.

[Nebu]

Traverse Legal PLC exists, and does appear to have a Brian Hall on staff, and does focus on IP law. So it is possible it's legit. I'd wait for the certified letter, or try opening the attachments on a tablet I could easily revert to factory defaults.  Well, actually I'd use the same sandboxed virtual machine running an emulation of an Android tablet I use when checking out trolls and hackers, but since you're probably not used to checking out places that make you want to drop your hard drive in acid, reverting a tablet is the next-easiest way.

--Dave

That was my initial thought.  Consider it a scam until a certified letter arrives. 

The email it came from was from transverse-legal.com and their site is transverselegal.com.  That was my first hint this may be a scam.

[Venkman]

Quick whois:

Domain Name: TRAVERSE-LEGAL.COM
Registrar: ENOM, INC.
Sponsoring Registrar IANA ID: 48
Whois Server: whois.enom.com
Referral URL: http://www.enom.com
Name Server: DOUG.NS.CLOUDFLARE.COM
Name Server: ZOE.NS.CLOUDFLARE.COM
Status: clientTransferProhibited https://www.icann.org/epp#clientTransferProhibited
Updated Date: 23-jan-2016
Creation Date: 23-jan-2016
Expiration Date: 23-jan-2017

VS:


Domain Name: TRAVERSELEGAL.COM
Registrar: NETWORK SOLUTIONS, LLC.
Sponsoring Registrar IANA ID: 2
Whois Server: whois.networksolutions.com
Referral URL: http://networksolutions.com
Name Server: NS17.WORLDNIC.COM
Name Server: NS18.WORLDNIC.COM
Status: clientTransferProhibited http://www.icann.org/epp#clientTransferProhibited
Updated Date: 30-aug-2012
Creation Date: 04-jan-2004
Expiration Date: 04-jan-2018

I therefore agree with the open-in-sandbox mode, if it sounds halfway plausible. Otherwise, ignore until the letter comes.

[Kail]

The email it came from was from transverse-legal.com and their site is transverselegal.com.  That was my first hint this may be a scam.

Did they spell the name of their company wrong or are people in this thread mixing Traverse with Transverse?

[MahrinSkel]

One thing that stands out is that they don't identify the client and leave the description of the 'infringing material' to a vague 'infographic' description. In my experience, a C&D for copyright/trademark infringement is usually *very* specific on what the infringed material was, how you mis-used it, when/where it occurred, and who is asserting the IP ownership.

Of course, it would also be pretty unusual to go after an educator, as generally they have a pretty good affirmative 'fair use' defense, and no money to pay a settlement. But I'm not a lawyer.

--Dave

[TheWalrus]

Seconded on Mahrin, very specific. Don't ask how I know. Whee. 

Also, do the bold thing, and open it on someone elses computer

[Merusk]

Yep, they'll tell you EXACTLY what you're infringing on and be very clear about it so you can't say you weren't informed later. Even a quick Google search for a form letter shows this is woefully lacking in information. If there's one thing real lawyers hate it's writing down specifics, right?

 http://thompsonhall.com/cease-desist-letter-template-example-sample-forms/#copyright

Also, Digital Canvas, Inc. of where? There's one in Houston and one in Florida at least. With such a generic name I'm sure there's more.

I wouldn't give it a second thought unless, y'know, you've been stealing infographics off the web and using them in lectures recently.

[sj557]

I am a college teacher and got exactly the same message last night around the same time. So apparently we both stole some infographic charts from Digital Canvas, offended two students, and they both reported us to Brian Hall.

[Khaldun]

Sounds really sketchy, yes. Even *if* it's actually a copyright troll it's sketchy, but another kind of sketchy.

Also DMCA requests about academic staff tend to get sent to IT departments or to Provost offices, not to the individual alone. Same for students.

I also disbelieve that there's students who are just smartphone picturing infographics in lectures and sending them to law firms.

[Mandella]

You might also want to warn the rest of your department (or heck, the entire university) to be on the lookout for this scam.

And I agree. Scam.

Odd that no one has mentioned it yet, but you could check with the actual legal firm the letter appears to be spoofing, just to be sure.

[Nebu]

You might also want to warn the rest of your department (or heck, the entire university) to be on the lookout for this scam.

And I agree. Scam.

Odd that no one has mentioned it yet, but you could check with the actual legal firm the letter appears to be spoofing, just to be sure.

I'm going to do this monday and send a copy to legal. 

I'd like to thank everyone that responded for taking the time. 

[Chimpy]

You are not required under the DMCA to do anything but stop the infringing activity within ten days of when you receive a takedown notice. Them asking you to send them something in writing is an attempt to get you to admit to some wrongdoing, likely so that they can use it to sue you for damages or get you to settle.

Send it to your campus IT abuse folks and the provost office.

[Sky]

Whenever I suspect anything that has a legit business front, I just contact the business directly. Chase send me links to click in the email without a 'or just go to this address' option, so I contacted their fraud unit and reported them for poor security procedures :) Turned out the fraud was real, but the fraud dept's email just sucked so bad /it/ looked fraudulent.

[jgsugden]

Ask university legal to contact the attorney to give them a head's up that someone is scamming using their name. In the unlikely positivity this is real, you don't want to talk to the atone directly.

[stljtrojan]

I also received this e-mail last night. I was able to open the attachment and found that the "Agreement" form they want me (us) to fill out is unreadable. When you open the pdf you get a warning that the proper font needs to be downloaded and the form is therefore in square wingdings. At the bottom of the form are two attached documents that are extremely fuzzy. I can read that the first form is dated from 2002 and talks about "Exhibit A" and took place in Panama City, FL. The second one looks more official and does list Digital Canvas Inc. on the top and has a date of 2012 but is too fuzzy to make out.

I have notified IT at my university because I think it is a scam for many of the reasons you all are saying as well as others (e.g., Michigan firm address listed but California Fax number).

I am rather relieved to see I am not the only one who received this e-mail because it did freak me out last night.

[Nebu]

Got this email from my college dean this morning.

Several of you have reported receiving an e-mail from a company called Traverse Legal stating that you have violated copyrights.  The e-mail states that it is from a lawyer called Brian Hall, and the e-mail has a zipped attachment.  If you receive such an e-mail, do not open the attachment.  We are unsure if it contains malware or viruses, and we are also not sure if this company is legitimate.  The e-mail has been turned over to University Counsel, who is looking into the situation.  If you do receive the e-mail, please let your chair know about it.  As we find out more, we will let you know.

[Artemis]

Yes, it is absolutely a scam. I received the same email on February 20th as well (I am a university professor).

Some research reveals that although the company is real, the fax number has been altered (the actual number is 231-932-0411, not 310-932-0411 as provided), the attachment is spurious, the cease and desist letter is plagiarized from http://thompsonhall.com/cease-desist-letter-template-example-sample-forms/, the email address is a fake (sending a dummy email to hall@traverse-legal.com returns error 554-550 "unknown recipient), and the only original line of the email ("One of your student has bought this to our attention and provided necessary evidence, that you have been using our client's infographic chart within your classroom material") has typos. The email does not address you (or me) by name, and does not provide dates or information regarding the "violation."

Brian A. Hall's LinkedIn account was also only created in the last few weeks of January 2016.

I forwarded it to our IT department. Mine shows an IP address indicating it was sent from on-campus (in Maryland).

Hope that helps!

[stljtrojan]

Got this email from my college dean this morning.

Several of you have reported receiving an e-mail from a company called Traverse Legal stating that you have violated copyrights.  The e-mail states that it is from a lawyer called Brian Hall, and the e-mail has a zipped attachment.  If you receive such an e-mail, do not open the attachment.  We are unsure if it contains malware or viruses, and we are also not sure if this company is legitimate.  The e-mail has been turned over to University Counsel, who is looking into the situation.  If you do receive the e-mail, please let your chair know about it.  As we find out more, we will let you know.

Glad to hear! I haven't heard from my university or my department chair yet but I'm glad your university has been in contact.

[stljtrojan]

Yes, it is absolutely a scam. I received the same email on February 20th as well (I am a university professor).

Some research reveals that although the company is real, the fax number has been altered (the actual number is 231-932-0411, not 310-932-0411 as provided), the attachment is spurious, the cease and desist letter is plagiarized from http://thompsonhall.com/cease-desist-letter-template-example-sample-forms/, the email address is a fake (sending a dummy email to hall@traverse-legal.com returns error 554-550 "unknown recipient), and the only original line of the email ("One of your student has bought this to our attention and provided necessary evidence, that you have been using our client's infographic chart within your classroom material") has typos. The email does not address you (or me) by name, and does not provide dates or information regarding the "violation."

Brian A. Hall's LinkedIn account was also only created in the last few weeks of January 2016.

I forwarded it to our IT department. Mine shows an IP address indicating it was sent from on-campus (in Maryland).

Hope that helps!

That helps a lot! I didn't even think about sending an e-mail back to see what would happen.

[Teleku]

Now forward it on to 20 other people or you'll have 7 years bad luck!

[Sky]

This is how we bring new blood to f13 in 2016, I guess. We're relevant!

[Nebu]

This is how we bring new blood to f13 in 2016, I guess. We're relevant!

You're welcome!

[Soln]

Sounds like a phishing attempt to ransomware your school.  There have been a few hospitals and universities in the news lately having been held hostage.

[stefankran]

I emailed the attorney referenced. This is a scam or phishing, and not sent by Traverse Legal. If you can help in identifying the true source from which you received the original scam message, post it here and I'll forward to the real attorney.

[sorova]

We had this at the same time as you - we're in New-Zealand. So they are international.
We think the PDF maybe has a virus which downloads. You open it and there is rubbish - it says it has the wrong font and you need to download legal fonts.
You click and that's it!! I am not entirely sure though if it is a virus. If anybody knows let me know! Also there are two images which are blurred which seem to be of a copyright thing which is signed. It is obviously not mean to be read. The man exists but the email is wrong as has been pointed out. Can you find his real email ?
If it wasn't a virus I cannot see the point. I thought at first they wanted your signature but the document is scrambled. It has a few clickable links which go to the US copyright pages - legal stuff.

[MahrinSkel]

Could be a test run, "How many people will download dodgy stuff if we couch it in legalese?" Or identifying specific people, if the download is keyed and connecting them to an IP address (like spam single-pixel markers). But the most likely possibility is that a particular version of viewer on a particular OS is vulnerable to an exploit in downloading that font.

--Dave

[Zetor]

Yea, sounds like a spear phishing attempt. Thing is, PDFs can contain (almost) anything, from Javascript to executables to Flash (etc), all of which can do bad stuff to your machine in various ways.

You can upload it to a malware analysis site like this one (in private mode if it has any personal information). Note that even if that doesn't find anything, it doesn't guarantee the PDF is clean... it may be using a 0-day exploit, f'rex. There are also a few tools for analyzing PDFs if you really want to do it on your own.

e: if you still haven't opened it, good -- don't open it on a real computer (using a virtual machine or something like an unimportant tablet is fine). If you already opened it, follow Mandella's advice below: ask the IT folks to scan the machine for malware, rootkits and whatnot.

[Mandella]

I would suggest, if you are a professor at a university, have one of the IT staff look over your machine if you opened the pdf. If for no other reason than to cover your arse, so to speak.

As has been pointed out, even if the "fonts" were not downloaded, pdfs themselves are not entirely safe...

[stefankran]

From Brian Hall:
From: Brian A. Hall
Sent: Monday, 22 February 2016 3:03 a.m.
Cc: Brian Hall
Subject: SCAM Alert from Traverse Legal, PLC
 
I did not send the email you received related to “alleged copyright infringement violations inside classroom.”  It appears to be a SCAM.  Please do not open the attachment.
 
My email address is not (hall@traverse-legal.com) and the fax number listed is incorrect.  Traverse Legal, PLC does not represent Digital Canvas Inc.  
 
Unfortunately, it appears someone is using my name and purported firm information without our permission.
 
I will note that I was as shocked as you to receive notice of this.  I apologize for the inconvenience, and we hope to identify the individual(s) behind this in order to take appropriate action.  To that end, we have already begun the process of a police report and investigation.  To the extent you receive any additional information, especially any personally identifiable information about the sender, please let us know so we can use it to assist us with our investigation.
 
Thanks,
 
Brian (the real one)
 
________________________________
Brian A. Hall, Attorney
Traverse Legal, PLC d/b/a Hall Law
traverse.legal
traverselegal.com

[MahrinSkel]

Just FYI: Might want to edit that to obscure his real email address.

--Dave

[Torinak]

Yea, sounds like a spear phishing attempt. Thing is, PDFs can contain (almost) anything, from Javascript to executables to Flash (etc), all of which can do bad stuff to your machine in various ways.

You can upload it to a malware analysis site like this one (in private mode if it has any personal information). Note that even if that doesn't find anything, it doesn't guarantee the PDF is clean... it may be using a 0-day exploit, f'rex. There are also a few tools for analyzing PDFs if you really want to do it on your own.

e: if you still haven't opened it, good -- don't open it on a real computer (using a virtual machine or something like an unimportant tablet is fine). If you already opened it, follow Mandella's advice below: ask the IT folks to scan the machine for malware, rootkits and whatnot.

The PDF is probably clean--it's the downloaded "font" that'll be the malware payload, or that will in turn trigger it. That method has been used as an attack vector for at least 4 years--it can exploit vulnerabilities in the default PDF app (usually an Adobe product which seems to have a never-ending stream of really bad security vulnerabilities), in the font-rendering subsystem of the operating system, bugs in the display adapter (bad graphics drivers), compression libraries, or more. The end result is usually to trigger a download of the real malware payload which then installs ransomware or a rootkit.

[Hammond]

Yea, sounds like a spear phishing attempt. Thing is, PDFs can contain (almost) anything, from Javascript to executables to Flash (etc), all of which can do bad stuff to your machine in various ways.

You can upload it to a malware analysis site like this one (in private mode if it has any personal information). Note that even if that doesn't find anything, it doesn't guarantee the PDF is clean... it may be using a 0-day exploit, f'rex. There are also a few tools for analyzing PDFs if you really want to do it on your own.

e: if you still haven't opened it, good -- don't open it on a real computer (using a virtual machine or something like an unimportant tablet is fine). If you already opened it, follow Mandella's advice below: ask the IT folks to scan the machine for malware, rootkits and whatnot.

The PDF is probably clean--it's the downloaded "font" that'll be the malware payload, or that will in turn trigger it. That method has been used as an attack vector for at least 4 years--it can exploit vulnerabilities in the default PDF app (usually an Adobe product which seems to have a never-ending stream of really bad security vulnerabilities), in the font-rendering subsystem of the operating system, bugs in the display adapter (bad graphics drivers), compression libraries, or more. The end result is usually to trigger a download of the real malware payload which then installs ransomware or a rootkit.

There is also another flavor of these where they have a link to another site embedded in the PDF. They have been targeting companies purchasing departments for years with that scam and the one that Torinak mentioned above.