Do you know what a phishing email looks like? Some are easy to spot and others require a little investigation. In this post, I’ll share a recent phishing scam in my email and give you some tips on how to spot them yourself.
The phishing email I got
I tend to get a lot of spammy, scammy emails simply because of what I do. My business email address is all over the internet and posted on my website, so I’m an easy target. I’ve become fairly adept at spotting them quickly — usually before I’ve finished reading the subject line. Still, a few get through my radar and make me spend a minute or two more on inspection. Take the one I received a few days ago.

Date: August 23, 2025
Reference: S&C-UMG-61338416
Dear Administrator of Fanpage "Focused Site Care",
We are Cravath, Swaine & Moore LLP, a premier U.S. law firm headquartered in New York, acting as the legal representative of Universal Music Group (UMG Recordings, Inc.) - the exclusive copyright holder of the renowned track "Someone You Loved" performed by Lewis Capaldi.
This recording was released by Virgin EMI Records, ISRC code GBUM71905951, and is strictly protected under U.S. copyright law (17 U.S.C. § 101 et seq.) and international legal frameworks.
I. SPECIFIC INFRINGEMENT DETAILS
Our client has identified the unauthorized use of the aforementioned recording on your fanpage, detailed as follows:
Infringing Video: https://www.facebook.com/631540416714838/videos/R33FameTQPSeGrrlAK7/1061735…
Fanpage: "Focused Site Care"
Page ID: 631540416714838
Infringed Content: Song "Someone You Loved" - 45 seconds used from 0:15 mark
Licensing Status: No authorization or valid license obtained
On August 21 2025, we issued a formal request for removal of the infringing content. However, to date, no response or remedial action has been taken by your entity.
Wow. At first glance, this looks pretty scary. I used to work with the law firm Cravath, Swaine, and Moore, so I know they are legitimate. And the email itself looks very official in its design. Another thing that gave me pause was the fact that I had only recently created a Facebook business page. Those two things made me read a little further, but after a minute or two I could see this was a scam. How did I know?
The first line
The opening line states that, “We are Cravath, Swaine & Moore LLP, a premier U.S. law firm headquartered in New York…” The fact that they are trying to make sure I know how important they are is suspicious. A legitimate legal notice doesn’t typically begin with marketing copy. The sender is trying to impress me right up front so I’ll take the email seriously. It’s little details like these that make it important to pay close attention.
The infringement details
The email claims that I violated a copyright to the song, “Someone You Loved” by including it in a post. This was easy to dismiss because I already know I never used that song in a post. However, they provided a link to the post just so I could verify. That can be tempting, because I could think, wait a minute… did I do that by accident? and investigate by clicking. The safer thing to do would be to go to my Facebook page and look for myself, which I did, and of course, bupkis.
Another clue was in the link itself. Although the text of the link appears to point to Facebook, when I right-click on it I can see that the actual link is a shortened URL that’s different from the longer text link. And no, I did not try that link because I don’t know where it goes, and that is where the phishing part begins. I’ll expand on this in a bit.
The sender’s email address
When I looked at the sender/reply-to email address, it didn’t have the Cravath, Swaine, and Moore domain name. It was from a personal Gmail account. I had to ask myself if a premier U.S. law firm headquartered in New York would have their attorneys using personal Gmail accounts to serve legal notices. Hmmm.
The contact email
The second half of the email reads:
III. FINAL REQUEST BEFORE LEGAL ACTION
As the authorized legal representative of Universal Music Group, we hereby demand that your entity:
Immediately remove the video containing the unauthorized use of "Someone You Loved"
Send a written confirmation of the removal to: copyright@sullcrom.com
Provide a formal commitment to refrain from any future unauthorized use of our client's copyrighted content
Deadline: Within 72 hours from receipt of this notice
Notice anything interesting? The email address they give to send confirmation goes to an entirely different law firm — Sullivan & Cromwell. While I’m sure they are just as premier as Cravath, Swaine, and Moore, it’s not the same firm. That’s another red flag for this sender.
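The checks walked through above (link text versus the real destination, the sender's domain, a contact address at a different domain) plus the remote images behind the tracking risk this post covers, written as an added example that is not part of the original post. It assumes a single-part HTML message; `FREE_MAIL`, `Audit`, `host`, `red_flags` and the sample email with its placeholder domains are constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse
FREE_MAIL = {"gmail.com", "hotmail.com", "outlook.com", "yahoo.com"}  # assumed, not exhaustive

# Constructed sample (placeholder domains), shaped like the email described above.
SAMPLE = """From: "Legal Department" <legal.notice@gmail.com>

<p>Infringing Video: <a href="https://short.example/x1">https://www.facebook.com/videos/123</a></p>
<p>Send confirmation to: copyright@other-firm.example</p>
<img src="https://track.example/p.gif" width="1" height="1">
"""

class Audit(HTMLParser):
    """Collects (href, visible text) for each link and the src of each remote image."""
    def __init__(self):
        super().__init__()
        self.links, self.images, self._href, self._text = [], [], None, []
    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "a" and a.get("href"):
            self._href, self._text = a["href"], []
        elif tag == "img" and (a.get("src") or "").startswith(("http://", "https://")):
            self.images.append(a["src"])
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def host(url):
    return (urlparse(url).hostname or "").lower().removeprefix("www.")

def red_flags(raw):
    """Return the warning signs found in a single-part HTML message (never fetches anything)."""
    msg = message_from_string(raw)
    body, sender = msg.get_payload(), parseaddr(msg["From"])[1].rpartition("@")[2].lower()
    audit = Audit()
    audit.feed(body)
    flags = [f"sender uses free webmail: {sender}"] if sender in FREE_MAIL else []
    flags += [f"link text shows {host(t)} but goes to {host(h)}"
              for h, t in audit.links if t.startswith("http") and host(t) != host(h)]
    contacts = {d.lower() for d in re.findall(r"[\w.+-]+@([\w-]+(?:\.[\w-]+)+)", body)}
    flags += [f"contact address at {d}, sender is at {sender}" for d in sorted(contacts - {sender})]
    if audit.images:
        flags.append(f"{len(audit.images)} remote image(s) that load on open")
    return flags
```

Calling `red_flags(SAMPLE)` returns one line per warning sign; a message whose links, sender and contact address all share one domain returns an empty list.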
Now, of course I can’t remove a post I didn’t create, and there’s no harm to me if I write to Sullivan & Cromwell to tell them so. But that’s not the phishing part, so let’s talk about how that works.
How phishing emails work
Remember the bogus link I mentioned? That’s really where the sender/scammer is hoping I’ll bite. Everything else is window dressing designed to get me a little scared — because who doesn’t get their hackles up when they get an email from a big law firm? Besides attorneys, of course. That link is buried in a lot of stuff that makes it seem important. And in our busy days with tons of email, we’re all tempted to click and move on to the next task. What’s the worst that could happen? Plenty.
- The link could take you to a page where malware is lurking. Certain types of malware can be downloaded and installed in the background, and you won’t even know. You’ll think it’s a dead link and get on with your day. Except that it’s too late.
- The link could ask for your login credentials. In my case, it may have led me to a fake Facebook login page. If I was in a hurry, I might have entered my username and password, which would be captured by the scammer’s software and then they would have direct access to my account.
- The link could take me to a fake law firm page that asks me to enter certain types of info about myself. The sender collects this data and hangs onto it, maybe sending a follow up email where I click a link to give them even more info. For example, if they have my phone number, they can spoof my phone and potentially intercept 2-factor authentication for my Facebook account. See number two. In fact, this was the second email I received from this scammer with the same warning. That’s no accident.
- Just by opening the email, I open myself up to risk from pixel placement and tracking.
Now that you know how phishing emails work, I’ll give you those promised tips to avoid being exposed.
How to avoid phishing scams in your email
I’ve covered quite a few tips in my example above, but I’ll break them down here for ease of reading.
1. Disable automatic image loading
Disabling automatic image loading enhances privacy and security by blocking potentially harmful tracking pixels or unwanted content. Here’s how to do it in the most popular email clients:
Gmail
In Gmail settings, go to “General,” then find the “Images” section and select “Ask before displaying external images.” This stops images from loading automatically.
Outlook
For Outlook, select “File” → “Options” → “Trust Center” → “Trust Center Settings.” Under “Automatic Download,” check “Don’t download pictures automatically in HTML email messages or RSS items”.
Apple Mail
In Apple Mail, navigate to “Mail” → “Preferences” → “Viewing,” then uncheck “Load remote content in messages.” This will block automatic image downloads.
Mobile Email Apps
Many mobile clients have similar controls, typically under account or privacy settings. Look for terms like “block images,” “disable remote content,” or “ask before displaying images”.
Disabling automatic image loading helps protect your privacy from email tracking and gives you more control over which images are displayed in your inbox. And when you get an email from a source you trust, you can usually click a button to load images for that email. Yes, it’s a pain, but it could save you from doom.
2. Don’t click links in your email
This is a best practice for just about any email. Even emails from your bank that you’re sure are legitimate should fall under this rule. Scammers are getting pretty sophisticated and can spoof bank emails easily. All it takes is a busy day and a little impatience and you can get fooled. It’s always safer to go to your bank’s website and log in from there.
Some exceptions to this rule are those email verifications that you receive just a few seconds after visiting a website, such as verifying your email address for a subscription. It’s not likely a scammer can spoof those that quickly. Still, it’s a good practice to keep vigilant.
3. Be mindful of errors
If you get an unexpected email from a source you don’t know, read it carefully, looking for errors. Bad grammar and misspellings are always red flags. Also, check the sender’s email address. Does it look official, or is it something like 2XC838464hjbd@hotmail.com? It’s possible for scammers to spoof emails, but it’s at least worth a look.
4. Does it even sound right?
In my example, I already knew that I hadn’t posted anything to Facebook with a song in it. That was a big clue to the whole thing being a scam. Be smart, and you’re smarter than you think. Scammy emails always feel “off” in some way. If they try to scare you and give you a sense of urgency, don’t get lured into acting quickly. Almost no one uses email to take care of urgent matters. If it sounds too good to be true — or too bad to be true, it probably is.
Don’t get phished!
It’s not too difficult to detect a phishing scam in your email. It just takes a little investigation and some deep breaths before you plunge into clicking links. Your email inbox is a sacred place. Don’t let scammers take it over.