Piracy Phishing Scam Targets U.S. ISPs and Subscribers

Home > News >

An elaborate "piracy" phishing operation is targeting U.S. Internet providers and subscribers. Scammers are using the name of anti-piracy tracking company IP-Echelon and rightsholders such as Lionsgate, to send fake DMCA notices and settlement demands to ISPs. U.S. law enforcement has been notified and is currently investigating the matter.

scamFor more than a decade copyright holders have been monitoring unauthorized downloads. Traditionally this resulted in harmless takedown notices, but increasingly, these warnings are bundled with automated “fines.”

Rightscorp and CEG TEK are the best known anti-piracy outfits employing this tactic, and this week another party appeared to have joined.

TorrentFreak was alerted to a takedown notice Lionsgate purportedly sent to a Cox subscriber, for allegedly downloading a pirated copy of the movie Allegiant. Under threat of a lawsuit, the subscriber was asked to pay a $150 settlement fee.

This request is unique as neither Lionsgate nor its tracking company IP-Echelon are known to engage in this practice.

When we contacted IP-Echelon about Lionsgate’s supposed settlement offer, we heard to our surprise that these emails are part of a large phishing scam, which has at least one large ISPs fooled.

“The notices are fake and not sent by us. It’s a phishing scam,” IP-Echelon informed TorrentFreak.

For a phishing scam the fake DMCA notice does its job well. At first sight the email appears to be legit, and for Cox Communications it was real enough to forward it to their customers.

Fake takedown notice


If an ISP is fooled, the rest of the scam is even more convincing, since Cox then treats the email as a regular DMCA takedown notice. This means that they forward it to their customers from an official Cox address.

In reality, however, the ip-echelon.report domain isn’t owned by IP-Echelon and the settlement money goes directly to the phishers.

IP-Echelon and its clients are not happy with having their names exploited in this type of scam. They are aware of the issue and inform us that U.S. law enforcement is currently looking into the matter.

Meanwhile, they suggest that ISPs carefully check the PGP signature before forwarding any notices to their customers.

“The case is being investigated by US law enforcement. IPE notices are signed with PGP for ISPs to check authenticity,” IP-Echelon said.

One Cox subscriber who received a notice inquired about the matter in the ISP’s support forums. She says she didn’t download the movie in question, and wonders if it could be a scam.

“I know your email, if real, said not to contact you but I am not sure what to do. I don’t want to give into a scam or if real pay for something I didn’t do,” the subscriber writes.

In response, a Cox representative confirmed that the email is real and explained that it was forwarded by the network security team. Apparently, the phishing scam was good enough to have the security experts fooled.

TorrentFreak alerted Cox to the fake notices but at the time of writing we have yet to receive a response. Whether any other ISPs have fallen for the same scam is unknown at this point.

It’s ironic that Cox is getting caught up in this. The ISP previous refused to forward these type of notices, even legit ones, to its customers. However, this policy was reversed after they lost their court case against BMG late last year.

In any case, Internet subscribers who receive a settlement demand from IP-Echelon, whether it’s for Lionsgate or another copyright holder, should alert their ISPs to this phishing scam.


Popular Posts
From 2 Years ago…