Don’t Click On or Open Screenshot[.]photos Links!

Dont Click On or Open Screenshot.photos Links
Share the knowledge

If out of the blue you get a message with a link to screenshot.photos in it, don’t click on it! It is a scam trying to get you to click on the link. It may come in a message that someone has found a wallet near your business, or it may come in some other message, but regardless it’s a scam.

We were first alerted to this scam when a scammer submitted a scam comment right here at the Internet Patrol (pretty stupid of them, if you ask us). The message, claiming to be from Jamel Wylly, with an email address of wylly.jamel@hotmail.com, says:

Hi
I found a wallet near your business, and I took a picture of the ID. https://screenshot.photos/foundwallet
I hope you can return the wallet to the owner
greetings
“Sent from my iPhone”

(Don’t worry, that link doesn’t actually go to the site.) Now, the .photos domain has been around since 2014, however screenshot.photos was created just last month, in December of 2019.

Domain Name: screenshot.photos
Registry Domain ID: c94de0e8ce1e40e0807fc93da7f543ed-DONUTS
Registrar WHOIS Server: whois.namecheap.com
Registrar URL: https://www.namecheap.com/
Updated Date: 2019-12-15T10:16:54Z
Creation Date: 2019-12-10T10:16:48Z
Registry Expiry Date: 2020-12-10T10:16:48Z
Registrar: NameCheap, Inc.
Registrar IANA ID: 1068
Registrar Abuse Contact Email: abuse@namecheap.com

The Internet Patrol is completely free, and reader-supported. Your tips via CashApp, Venmo, or Paypal are appreciated! Receipts will come from ISIPP.

CashApp us Square Cash app link

Venmo us Venmo link

Paypal us Paypal link

What’s more, it was created specifically to misdirect people. It is nothing more than a URL shortener and redirector, almost certainly set up to allow scammers to take advantage of it.

What is Actually at Screenshot.photos
screenshot.photos is a scam

In fact, what is hosted at screenshot.photos is a YOURLS install. YOURLS stands for Your Own URL Shortener. YOURLS is an open source URL shortening program that anybody can install anywhere. According to the YOURLS site, at yourls.org, YOURLS is “a small set of PHP scripts that will allow you to run your own URL shortening service (a la TinyURL or Bitly).”

YOURLS goes on to explain that “Running your own URL shortener is fun, geeky and useful: you own your data and don’t depend on third-party services. It’s also a great way to add branding to your short URLs, instead of using the same public URL shortener everyone uses.”

Now, we are reasonably certain that the good folks at YOURLS did not intend that their program would be used by scammers, but it was inevitable. Goog.le, TinyURL, and Bit.ly and others have all been exploited by scammers to cloak the actual links leading to their malware and viruses. In fact, in 2018 the Register covered “Google’s recent efforts to get rid of its Goo.gl URL-shortening service,” explaining that “The link-shortening site is a favorite for scammers looking to hide the actual address of pages.”

And that is exactly what screenshot.photos is enabling.

If you’ve received any messages featuring a link at screenshot.photos, let us know!

Get New Internet Patrol Articles by Email!

The Internet Patrol is completely free, and reader-supported. Your tips via CashApp, Venmo, or Paypal are appreciated! Receipts will come from ISIPP.

CashApp us Square Cash app link

Venmo us Venmo link

Paypal us Paypal link

 


Share the knowledge

One thought on “Don’t Click On or Open Screenshot[.]photos Links!

  1. From: Lily Hodel | lily.hodel@googlemail.com
    Subject: Hi
    Message Body:
    Hi
    I have a question, i see a lot of items in this shop, I have made a screenshot of some products, [Link deleted]that you also sell in your shop. But there items are 51% cheaper, well my question is what is the difference between your shop, is it the quality or something else, I hope you can answer my question.
    Yours sincerely
    Lily Hodel
    “Sent from my Smart Phone”

    This is the scam email to my business

Leave a Reply

Your email address will not be published. Required fields are marked *

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.