Fake DMCA claim coming from the FBI, and CF forwarding confidential details to impersonator

Lately, my website has been receiving random and clearly false DMCA requests from a group of malicious individuals. While I have previously ignored such requests due to their obvious lack of legitimacy, the situation has escalated.

Earlier today, an alleged FBI officer sent a request to my website, demanding that I remove my landing page. I’m unable to upload the image for some reason (it says I cant put links ?) but here’s the email coming from Cloudflare.

Hello,
Cloudflare received a DMCA copyright infringement complaint regarding: [redacted]
The information we received was the following:
Reporter's Name: [redacted] 
Copyright Holder's Name: [redacted]
Reporter's Email Address: [redacted]@fbi. gov
Reporter's Title: Director of the FBI
Reporter's Address: [Pentagon HQ address here]

Reported URLs:
        [redacted]

Original Work: Remove your landing page.
Comments:
**We have provided the name of your hosting provider to the reporter.**
**We have forwarded this complaint to your hosting provider.**
Thanks,
The Cloudflare Team

And Cloudflare forwarded this request to me and my hosting provider. What is particularly alarming is that Cloudflare, appears to have forwarded my hosting provider’s name to this individual without conducting due research or contacting the person from a secure channel such as an email address ending in ‘fbi dot gov.’ This security flaw on Cloudflare’s end has potentially exposed me to further issues.

As a result, this individual now has the ability to send false DMCA requests directly to my hosting provider, which could result in additional problems for me, even though all of the requests are patently false. I am therefore seeking advice from the forum on how to address this issue and what steps I can take to prevent it from happening again in the future.

Thank you in advance for your assistance.

In my view this should not have happened, if this in fact happened without prior checks. (Though to be honest, any information provided to that email address, if it proves to be a false email address, will bounce back and never reach the impersonator.)

Unfortunately, though, there’s nothing we can do here at the community to help you, except hope that the right pair of eyes may see this topic and speed up some resolution.

Though in general complains to that specific area of Cloudflare should be addressed via https://abuse.cloudflare.com, your case seems to also involve Cloudflare Registrar if I understood your post correctly. If I’m correct in this assumption, you can go to your Cloudflare Dashboard and click on the Support button to open a ticket under the Registrar category, and ask them for clarification.

We forward copyright complaints to website operators and hosting providers, and give rightsholders the hosting providers’ contact information. While we are not legally obligated to provide that sort of assistance, we think it is the right thing to do and the best way for us to help.

This information would have been sent to the email address specified in the abuse report form. If the person reporting your website specified an email address which they do not control (i.e. a non-FBI agent specifying an @fbi.gov address), then they would not be able to receive the information.

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.