I Tracked Down a Scammer

I filter my email, so sometimes I don’t see messages that I meant to. Today I was looking through my spam filter and found this:

I own this domain, and I once jokingly registered the website http://overrated.expert. So this was definitely meant for me, and definitely spam. I looked at the link for the button and found this:

[website]/de/vs.php?email=[my email]

So I put in a fake email address and was taken to this page:

And this is how phishing scams work, of course. If you don’t realise it’s a scam, you type your password in this text field, and yoink, the spammer has it. So I typed a fake password, which took me to a white page with this URL:


But if I take off the filename, I can peer inside the entire /de/ directory, where I can see this:

None of the PHP files will help much, but that zip file looks promising. So I downloaded it, unzipped it, and I found all the sourcecode for the scam.

The code itself wasn’t super interesting. It’s just a fake form that sends the results to an email. And that email is helpfully called out in a file called to.php:

Well hello there, nopeace2021@shebasecurity.com! Looks like you work for a company that sells security services and runs scams on the side. Or maybe the scams are the only business.

Either way, I’d find a new job if I were you.



Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store