If out of the blue you get a message with a link to screenshot.photos in it, don’t click on it! It is a scam trying to get you to click on the link. It may come in a message that someone has found a wallet near your business, or it may come in some other message, but regardless it’s a scam.
We were first alerted to this scam when a scammer submitted a scam comment right here at the Internet Patrol (pretty stupid of them, if you ask us). The message, claiming to be from Jamel Wylly, with an email address of firstname.lastname@example.org, says:
I found a wallet near your business, and I took a picture of the ID. https://screenshot.photos/foundwallet
I hope you can return the wallet to the owner
“Sent from my iPhone”
(Don’t worry, that link doesn’t actually go to the site.) Now, the .photos domain has been around since 2014, however screenshot.photos was created just last month, in December of 2019.
|Get notified of new Internet Patrol articles for free!
Domain Name: screenshot.photos
Registry Domain ID: c94de0e8ce1e40e0807fc93da7f543ed-DONUTS
Registrar WHOIS Server: whois.namecheap.com
Registrar URL: https://www.namecheap.com/
Updated Date: 2019-12-15T10:16:54Z
Creation Date: 2019-12-10T10:16:48Z
Registry Expiry Date: 2020-12-10T10:16:48Z
Registrar: NameCheap, Inc.
Registrar IANA ID: 1068
Registrar Abuse Contact Email: email@example.com
What’s more, it was created specifically to misdirect people. It is nothing more than a URL shortener and redirector, almost certainly set up to allow scammers to take advantage of it.
What is Actually at Screenshot.photos
In fact, what is hosted at screenshot.photos is a YOURLS install. YOURLS stands for Your Own URL Shortener. YOURLS is an open source URL shortening program that anybody can install anywhere. According to the YOURLS site, at yourls.org, YOURLS is “a small set of PHP scripts that will allow you to run your own URL shortening service (a la TinyURL or Bitly).”
YOURLS goes on to explain that “Running your own URL shortener is fun, geeky and useful: you own your data and don’t depend on third-party services. It’s also a great way to add branding to your short URLs, instead of using the same public URL shortener everyone uses.”
Now, we are reasonably certain that the good folks at YOURLS did not intend that their program would be used by scammers, but it was inevitable. Goog.le, TinyURL, and Bit.ly and others have all been exploited by scammers to cloak the actual links leading to their malware and viruses. In fact, in 2018 the Register covered “Google’s recent efforts to get rid of its Goo.gl URL-shortening service,” explaining that “The link-shortening site is a favorite for scammers looking to hide the actual address of pages.”
And that is exactly what screenshot.photos is enabling.
If you’ve received any messages featuring a link at screenshot.photos, let us know!
No Paywall Here!
The Internet Patrol is and always has been free. We don't hide our articles behind a paywall, or restrict the number of articles you can read in a month if you don't give us money. That said, it does cost us money to run the site, so if something you read here was helpful or useful, won't you consider donating something to help keep the Internet Patrol free? Thank you!
|Get notified of new Internet Patrol articles!