Martin HöllerMar 13

So here’s how I fell for that scam 🧵

A couple of days ago I received an email, seemingly from Stephen Robles (https://www.youtube.com/@beardfm), proposing to include my app in his upcoming Top Apps video.
It looked completely legit, written in perfect English, and I had (almost) no doubts it was real. So I replied with a few questions and requests.
But because I noticed the sender email address wasn’t the one the real Stephen lists on his YouTube channel, I also asked for some kind of proof.
1/7

Show threadMartin HöllerMar 13
A while later I received another email from the actual email address listed on the YouTube channel. Again, it looked legitimate. This is the point where I should have checked the email headers.
But I didn’t, and instead replied to the other email, agreeing to the proposed deal.
2/7
Show threadMartin HöllerMar 13
I then received another reply with more details about how the video would work and how I could pay the agreed fee. They proposed paying in cryptocurrency and provided two wallet addresses.
Again a HUGE red flag, but because I believed I was dealing with the real person, I didn’t question it further. I don’t have any crypto, so I suggested PayPal (being in Europe I assumed that would be easiest). I even asked for an invoice, which they happily provided.
3/7
Show threadMartin HöllerMar 13
They then asked for a PayPal gift card, claiming PayPal would otherwise hold the payment for 21 days. They even sent me a link to an online shop where I could buy the gift card and send them the code.
Which I did. Yet another huge alarm bell that I unfortunately ignored.
4/7
Show threadMartin HöllerMar 13
The next day I received another email proposing a second video focused entirely on my app, for an additional payment. That’s when it finally clicked and I checked the email headers.
Of course it was a scam. They had been spoofing the sender address the entire time using a fake email service.
5/7
Show threadMartin HöllerMar 13
I immediately contacted the real Stephen Robles, who was already aware of the scam and is trying to work with Google to shut it down, but so far without success.
I also contacted the online shop where I bought the gift card, but unsurprisingly they won’t do anything. My only remaining hope now is the fraud protection from my credit card provider.
6/7
Show threadMartin Höller

To summarize, here are the warning signs I should have caught:
- asking for crypto
- asking for a PayPal gift card
- sending a fake invoice

In hindsight I feel pretty stupid for not spotting it sooner, but it is what it is. I lost $100, learned a lesson, and at least now I have a story to tell 🤷‍♂️
7/7

Mar 13 at 9:27amWeb
Show threadHannes OudMar 13
@martinhoeller thanks for sharing, interesting to see the details! In the end you paid $100 for an educative story that hopefully helps others not to pay those $100…