With hundreds of thousands of warnings already sent out, chances are that soon most French Internet users will know someone who has received one. Unsurprisingly, scammers are now riding the wave of publicity and uncertainty by sending out fake Hadopi emails which trick users into requesting more information about their ‘infringements’ which cost them money.
Since October 2010, the French government agency set up to police the country’s file-sharers have been busy sending out infringement warnings.
By early September 2011, ISP account holders on their first strike from Hadopi had swelled to 650,000, while those on their second numbered 44,000.
If Hadopi carry on at the current rate, by this time next year around one in 20 households in France will have received at least one warning, and it could be argued that most people will be aware of someone near to them having received one.
This kind of mass-awareness is a potential goldmine for scammers, and it hasn’t taken them long to swing into action.
Internet users have just started receiving emails which claim to be from Hadopi. The emails clearly state that the account holder in question is guilty of copyright infringement.
“Your internet access has been used to make available, reproduce or provide access to cultural works protected by copyright,” says the email.
“This use may have been made without your permission or without your knowledge, perhaps even by an untrained user. But in any case, as the holder of the subscription to the Internet, you are legally responsible for the use made of it,” it continues.
“You must ensure that your Internet access is not subject to misuse, taking every precaution to secure it. This is a legal requirement, sanctioned by the courts.”
The email then invites the user to follow a link where they are presented with the Hadopi website. Except it’s not, it’s a clever fake.
As noted by Marc Rees on PCInpact, genuine warnings contain “no clickable link, no proposal to purchase software, no request to pay a sum of money and no proposal to connect to a personalized space on the website.”
The fake page is sitting on the server of what appears to be a legitimate online store. They have almost certainly been hacked and are unaware of the problem.
The Hadopi imposter pulls in real pages from the official Hadopi resource when required so that users are drawn in by the apparent authenticity. The sting in the tail, however, comes from a custom page from where the scam takes place.
“To access your file please have the file number, access code and the confirmation code ready,” the page explains.
“To get the access code by SMS: Send CODE to 81083. For the confirmation code by SMS: send CODE to 81015. To get the access code by phone: call the following number: 0899 230 141. Confirmation code by phone: call the following number: 0899 230 148.”
Of course, these are premium numbers that could leave a nice dent in a caller’s cellphone account although we’re not about to call them to find out exactly how much. TorrentFreak discovered that these SMS numbers have previously been used for another scam where people are offered access to warez.
In another sign that the fake Hadopi page is indeed fake, the only link disabled is the one to the real Hadopi site which shows users how to detect if an email they received is a scam.
Update: The fake site has been taken down and the number has been blocked by the authorities, but will no doubt reappear on another compromised server with a new number in due course.