I Tracked Down a Scammer
I filter my email, so sometimes I don’t see messages that I meant to. Today I was looking through my spam filter and found this:
I own this domain, and I once jokingly registered the website http://overrated.expert. So this was definitely meant for me, and definitely spam. I looked at the link for the button and found this:
[website]/de/vs.php?email=[my email]
So I put in a fake email address and was taken to this page:
And this is how phishing scams work, of course. If you don’t realise it’s a scam, you type your password in this text field, and yoink, the spammer has it. So I typed a fake password, which took me to a white page with this URL:
https://screeningsolutions.com.au/de/cum.php
But if I take off the filename, I can peer inside the entire /de/ directory, where I can see this:
None of the PHP files will help much, but that zip file looks promising. So I downloaded it, unzipped it, and I found all the source code for the scam.
The code itself wasn’t super interesting. It’s just a fake form that sends the results to an email. And that email is helpfully called out in a file called to.php:
Well hello there, nopeace2021@shebasecurity.com! Looks like you work for a company that sells security services and runs scams on the side. Or maybe the scams are the only business.
Either way, I’d find a new job if I were you.
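The kit triage described above (finding the address the fake form mails its results to) can be done without unpacking the archive to disk or running any of its PHP. The following is an added example, not code from the original post or from the kit: the function names, the sample archive, `post.php` and the `collector@example.invalid` address are all constructed for illustration.

```python
import io
import re
import zipfile

EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")
MAIL_CALL_RE = re.compile(r"\bmail\s*\(", re.IGNORECASE)
MAX_MEMBER_BYTES = 1_000_000  # skip members that declare an oversized length


def triage_kit(zip_bytes):
    """Scan PHP files in a kit archive in memory, never extracting or running them.

    Returns the email addresses found (with the files naming them) and the
    files that call PHP's mail() function.
    """
    drops = {}
    callers = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as kit:
        for info in kit.infolist():
            name = info.filename
            if info.is_dir() or not name.lower().endswith(".php"):
                continue
            if info.file_size > MAX_MEMBER_BYTES:
                continue
            text = kit.read(info).decode("utf-8", errors="replace")
            if MAIL_CALL_RE.search(text):
                callers.append(name)
            # Lowercase before de-duplicating so each file is listed once per address.
            for addr in {a.lower() for a in EMAIL_RE.findall(text)}:
                drops.setdefault(addr, []).append(name)
    return {
        "drop_addresses": {a: sorted(f) for a, f in drops.items()},
        "mail_callers": sorted(callers),
    }


def build_sample_kit():
    """Constructed stand-in archive; the file contents are made up for the demo."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("de/to.php", '<?php $to = "collector@example.invalid"; ?>')
        z.writestr("de/post.php", '<?php include "to.php"; mail($to, $subject, $body); ?>')
        z.writestr("de/index.html", "<form action='post.php' method='post'></form>")
    return buf.getvalue()


if __name__ == "__main__":
    print(triage_kit(build_sample_kit()))
```

Reading members through `zipfile` in memory means a hostile archive's file names are never used as paths on the analyst's disk.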