A couple of years ago I did a video about how Meta/Facebook operates a cesspool where they look the other way as international criminals exploit unsuspecting users on their platform.
Here’s another example: Take a look at any public Facebook post of a car wreck or other local tragic event and you’ll often find posts like this:
This of course will link you to a scammer account who will do who knows what to a person’s account or privacy.
As the dutiful netizen that I am, I decided to report this Facebook to see what happens.
It took over a week for them to review this, but guess what? Facebook’s moderators allow the scam post, and its author to continue exploiting people on the platform. What’s crazy is how formulaic these posts are and how easy it is (conceivably) to block them programmatically. But they allow this to persist.
Why is that? The answer is shareholders.
Facebook uses a metric called “family daily active people” to report to shareholders how many active users are on their platforms (Facebook, Instagram, Whatsapp, etc). They likely have hit critical mass for new users, so the activities of active users are now the metric.
On this post of a recent tragic accident, you’ll find 8 of these spam posts out of 24 posts total – over 30%! Given the volume of spam traffic I see, it’s probably not out of the realm of possibility that scam accounts are likely a significant portion of the “family daily active people.” A more aggressive effort to remove them would eat into a key shareholder metric.
With no consequences and money to lose, why deal with the problem? For them it’s far more profitable to look the other way. Just like UPS is doing with the recent scam I uncovered coming from one of their local retail outlets.
I recently posted a video about the “D Deng” review bribery scam where I was offered $20 to remove a negative review and replace it with a five-star one. In that first video I mentioned the letter originated from a UPS store address in California. At the time I assumed the store was just being used without its knowledge, but I’ve since learned the company actually rents a mailbox there.
As a recap I didn’t take the bribe, but I did report the attempt through Amazon’s review compensation reporting system, uploading the letter and details about the product. Not long after, the product is no longer available for sale, although the seller’s page remains active.
A few days later, Amazon emailed me to acknowledge the report, but also let me know my review of the product had been removed while the investigation was underway. That leaves only glowing five-star reviews on a product I found to be subpar. If the listing comes back, shoppers will see no critical feedback. Sometimes it feels like no good deed goes unpunished.
When I reached out to the UPS store where the letter originated, they said:
We are not part of any kind of services/activities that our boxholder are associated with. They are just using our mailing address so we are not responsible for anything they do.
But the terms of service agreement every UPS Store customer signs clearly prohibits unlawful, illegitimate, or fraudulent use of a mailbox. This scam is exactly that—fraudulent and against federal law. Yet this mailbox holder has operated from the same address for at least four years as it was the same one used in a brushing scam in 2021.
I also asked UPS corporate for comment. Their reply wasn’t much better:
The UPS Store network of stores provides a variety of personal and business services for our customers. All but a handful of The UPS Store locations are individually owned and operated by local franchisees. Franchise owners hire and train their staffs and are responsible to ensure they follow all required laws and regulations related to the services they provide to customers. We have no direct affiliation with the business about which you are inquiring and are not privy to their interests or operations.
Postal authorities and/or law enforcement often work with franchise owners when investigating alleged violations, and we have no reason to believe that could not occur here.
So while they absolve themselves of a franchise holder not following the terms of service, they do profit from that mailbox—5% of monthly sales for royalties plus another 3.5% for marketing according to the UPS store franchise website. That means UPS profits from mailbox rentals, including this one. While technically arms-length, it’s hard to ignore that the corporate parent benefits financially from the revenue franchisees collect, even from problematic clients that violate the terms of service all franchises must present to their mailbox customers.
This whole episode highlights how scams keep finding places to operate, and the corporate owners of those places look the other way. Whether it’s on major e-commerce platforms, social networks, or something as simple as a rented mailbox, there’s little incentive for the companies involved to intervene. They still get paid while fraudsters exploit people. For consumers, it means being extra cautious, because the protections we assume are in place from seemingly trusted corporate brands often aren’t.
In my latest video, I reveal yet another brand behaving badly. This time sending out letters to bribe Amazon reviewers to delete their critical reviews of products.
I recently bought a product on Amazon (affiliate link) that looked like it could be useful for filming. It was a small display that snaps onto the back of an iPhone to mirror the front screen, which sounded ideal since the rear cameras are much better than the front-facing one.
At first, the device seemed to work, but once I hit record, I noticed the display lagged 20 to 30 seconds behind realtime. That made it useless for its intended purpose, and on top of that, the orientation button didn’t work either. I left a review describing what I found—both the good and the bad—but ultimately explained why it didn’t serve its purpose or meet its marketed claims.
After posting my review, I received multiple messages from the third-party seller offering direct refunds, though they avoided directly asking me to change my review. Their eagerness to issue a refund without going through Amazon made sense—too many returns can trigger Amazon to delist a product. But I had already started the Amazon return process so I ignored them.
Not long after that, a letter showed up at my home offering me $20 if I deleted my review. This was troubling because it showed the seller had access to my address, even though the product came from Amazon’s warehouse.
The letter asked me to not only remove my review but also replace it with a five-star positive one. It included instructions to scan a QR code that led to a Chinese website, which logged some data, and then redirected my browser to a mailto address with my order information and gift card preference.
The letter explicitly said not to mention the gift in the review “to protect your Amazon account.” This of course violates Federal Trade Commission guidelines and Amazon’s terms of service, leaving customers at risk of losing their accounts or worse.
The letter came from a UPS store address in San Leandro, California, which has been tied to similar scams in the past. Searching online, I found others had received almost identical letters, sometimes dressed up to look like official Amazon communication. Some even pushed people to review products they hadn’t purchased, including inappropriate ones for adult toys, raising concerns about what unsuspecting recipients—possibly even kids—might see when opening these envelopes.
What makes this situation particularly concerning is how long it seems to have been happening. Reports going back years link the same address to review manipulation and product “brushing” scams, where people receive unordered items to inflate seller ratings. Amazon has been trying to crack down, even working with Chinese authorities to pursue criminal cases, but the persistence of these letters shows how difficult it is to stop.
For anyone who gets one, Amazon has a reporting mechanism. You can submit the product details, ASIN number, and a copy of the letter through their review compensation reporting page. It’s important to do this because the more evidence Amazon has, the better they can track and take action against bad actors. For the rest of us, the takeaway is to stay vigilant. A $20 gift card isn’t worth risking your account, your reputation, or potentially landing yourself in hot water with the law.
I’ve been on YouTube for over a decade now, and with that comes a steady stream of emails—some from viewers, some from brands, and quite a few from scammers. Most of the scam attempts are easy to spot, but every so often, one comes through that’s far more convincing than the rest.
This most recent example caught my attention for how elaborate and well-executed it was, and I think it’s worth sharing as a cautionary tale.
These attacks attempt to get YouTube creators to download malware that steals their login credentials. You’ve probably seen this happen to other creators—big names like Linus Tech Tips have dealt with it. These attackers use social engineering tactics, many times impersonating an ad agency or brand, and send over the malware disguised as a contract.
I get messages daily that are easy to dismiss. One claimed to be from Nvidia offering an RTX 5000, but the email came from a random address in Slovakia. Another one, supposedly from Black Desert, had similar red flags. But others look much more legitimate. One scam I looked into a few weeks ago appeared to be from Corsair. The sender impersonated a real employee and used graphics and assets from Corsair’s actual website. But there were giveaways—like an email that, on reply, went to a random Gmail account and an SMTP server tied to a school in India. That one was fake, but you could spot it with a little digging.
Then came the Sony campaign email, which was on a whole different level. It started with a message from someone at “creatorpulse.org,” presenting themselves as an agency. I hadn’t heard of them before, so I checked out their website. It redirected to another agency, which looked like a social media marketing company. That wasn’t necessarily suspicious, since agencies often operate under different names for different industry verticals.
I responded, just to see where it would go. The sender said this was a major opportunity with Sony and directed me to watch a video on YouTube for more information. The video featured a very professional looking and sounding host that provides a set of instructions to the Creator for participating in the campaign. Creators were promised sizable compensation for this campaign along with up-front payments.
The YouTube channel, “Sony Partnership”, where this video lived looked authentic. It had a verified badge and 139,000 subscribers along with a lot of content taking back years. The video had been posted as unlisted and had over 4,600 views. Other creators were clearly being targeted.
But when I dug deeper, I saw that the content on the channel wasn’t original. It was made up entirely of playlists featuring official Sony videos. The channel itself hadn’t uploaded any public content—it was just borrowing legitimacy by curating the official Sony channel’s content.
I followed the link provided and logged into the associated website using a VPN and a dummy account. The site asked for access to a YouTube channel, displayed some generic YouTube stats, and then prompted users to download a password-protected archive which was supposedly an encrypted spreadsheet of products to request.
But the archive only worked on Windows, which was the biggest red flag. These types of files typically contain malware. If opened, they execute a script designed to steal Google and YouTube credentials. Once that happens, scammers can take over the channel, replace all content with crypto scam livestreams, and impersonate the original creator.
That’s likely what happened to the “Sony Partnership” channel. It was probably a legitimate account at one point—maybe even a verified one with a decent subscriber count—before it was compromised and repurposed for this phishing scheme.
The video in the scam featured a professional-looking host. Curious about who he was, I grabbed a frame and ran an image search. That led me to the portfolio of a video editor and, eventually, to a Fiverr spokesperson named Radostin Radev. He’s not involved in the scam; he was hired through Fiverr, likely thinking he was working for Sony, a past client of his. When I contacted him, he was shocked to find out how his video was being used. He hadn’t known about it until I reached out.
Others have reported receiving similar emails from fake agencies, but linking to the same video and site. Despite these reports, the scam site is still up and running, protected by Cloudflare, and the hijacked YouTube channel remains active and has been for at least a week.
The motivation here is financial. These fake crypto livestreams actually pull in money. One report from Bank Info Security detailed a scam that netted $1.6 million. The tactic is to ask viewers to send a small amount of Bitcoin in exchange for an investment opportunity or giveaway. With a hijacked, verified channel, scammers can use YouTube’s algorithm to amplify reach—sometimes with the help of fake viewers—to pull in real victims.
Bitdefender published a good deep dive last year explaining how these attacks work. It’s worth a read if you want to understand the mechanics behind it. But the bottom line is this: scammers are evolving. They’re spending money, crafting believable narratives, and using stolen or compromised infrastructure to increase their odds of success.
Staying safe means being skeptical, even when everything seems to check out on the surface. Always double-check domains, email headers, and don’t download files you weren’t expecting—especially if they’re password protected and only work on one operating system.
In my latest video I take a deep dive into the troubling world of Facebook’s rampant fraud, fake accounts and scams. Most of what I investigated here are based on my own experiences and observations.
What prompted this investigation was an incident involving a friend whose car was stolen. After she posted about it on Facebook, her post was swarmed by scammers, a clear indication of how these predators prey on vulnerable individuals. Here’s what a few of the comments looked like:
This incident prompted me to conduct an experiment: I created a “honeypot” post on my Facebook page, pretending to seek help for a hacked account. The response was overwhelming and immediate, with over two dozen scammers flocking to offer ‘help,’ all from fake accounts. If these scammers are contacted they almost will certainly demand money from their victims and then disappear.
This experiment highlighted two critical issues with Facebook: the lack of adequate support for users with account problems and the platform’s failure to enforce its own rules against fraudulent activities.
When I reported a scam comment from a “Daniel Sarvela” to Facebook they did nothing about it, even after an appeal. This inaction allows fake accounts to proliferate, scamming more people without consequence.
And that “Daniel Sarvela” I reported? It turns out the fake account was made from images posted by an unsuspecting father and community volunteer from Australia. Facebook’s systems could very easily detect that photos from the victim were being stolen for a fake account yet they do nothing about it. Meanwhile this man’s likeness is being used to steal from vulnerable Facebook users.
But that’s not all.. In checking my recent friend requests, 7 of the 8 top requests on my profile are all cloned accounts of friends of mine. One of them cloned my uncle’s account and tricked my wife into accepting his friend request. The scammer then began a chat with her where he was about to ask for money before she got wise to the scheme.
The problem extends beyond simple scams. I discussed the disturbing trend of pig butchering schemes where lonely individuals lose hundreds of thousands of dollars to fake crypto investment schemes and the human trafficking linked to these scams.
With Facebook apparently doing nothing to combat these scams, I believe education and awareness are key. Resources like the AARP’s Fraud Watch Network and the podcast “The Perfect Scam” are invaluable for understanding and avoiding scams. The YouTube channel “Catfished” by SocialCatfish.com is another excellent resource, particularly for understanding romance scams.
Despite being the largest social media network with the largest number of vulnerable users, Facebook’s efforts to address these problems is completely insufficient. This situation underscores the importance of staying vigilant and informed to safeguard ourselves and our loved ones in the digital world.
