[EXPLOITS.RUN]
michael@exploits:~$ ./hooked --case 2026-04-29-hooked-launch.md
[HOOKED] case file: other

Case 000: Why I Started Hooked

A standing offer to every scammer with my email address: come and get me.

:: 4 min read :: [Hooked] [Manifesto]

There is a popular show called Catfish where one party in an online relationship turns out to be lying about who they are. The show works because the audience already understands the dynamic: the "catfish" is the operator, the victim is the real person on the other end of the screen.

Hooked flips the camera. Every entry in this series is me — real name, real email, real phone — walking through the entire scam funnel from cold contact to cash-out. The operator on the other end is also real. They send the SMS, the DM, the Telegram invite, the dating-app match, the cold call. I take the bait, click every link they want me to click, and document the mechanics from inside.

I don't use disposable identities. I don't hide behind aliases. If you've found this site because you sent me a phishing SMS and you're now reading this — yes, that was me on the other end. Welcome.

The goal is not to get scammed for content. The goal is to make the inside of these operations legible to the people who would otherwise only see the surface. When somebody in your family asks "how did this happen to me," I want there to be a writeup on this site that shows them exactly what happened, in order, with screenshots and indicators.

What every case file will contain

  • A score card. How convincing the scam was, how technically sophisticated, how scalable, how dangerous. Comparing across cases is the point.
  • A case-file sidebar. Vector, target demographic, what I actually spent vs. what the operator demanded, status (live / reported / taken down).
  • An indicators block. Domains, URLs, wallet addresses, phone numbers — everything copy-pastable and aggregated across every case at /hooked/indicators/.
  • The narrative. What I clicked, what they said, where the money was supposed to go, and what I did with the evidence afterwards.

Operating principles

  1. Real identity. No personas. I use my real name, my real phone number, and my real email when interacting with operators. If a scammer wants to verify I'm a real person, I am one. The volume of spam I get is the cost of doing this work, and I accept it.
  2. Real identity does not mean real card. When an operator wants payment, they get a single-use Privacy.com card funded with $1, locked to the merchant they sent me to. The card registers as a real Visa — it passes BIN checks, it passes the merchant's "is this a real funding source" probes, and it lets the funnel proceed exactly as it would for a real victim. Then it declines on charge. I learn the full attack flow including the post-payment behavior (the "fee unlocked" page, the upsell, the followup call demanding more) without sending the operator a dollar. For crypto cases I keep a dedicated low-balance wallet earmarked for this work, with a hard spending cap written down before the case begins. (That Privacy.com link is my referral — if you sign up through it, we each get $5. I'd be using the service either way; it's the load-bearing tool of this entire series.)
  3. Sandboxed devices. I'm using my real identity, not my real laptop. Every interaction that involves clicking a link, downloading a file, or running an installer happens inside a disposable VM. Identity isn't the thing I'm protecting from malware — my actual machines are.
  4. Disclosure first, publication second. Live infrastructure gets reported to the targeted brand, the host, the registrar, the exchange, and where appropriate law enforcement before publication. Some posts will sit in a drafts folder for months while takedowns play out.
  5. No unaware victims. I will not publish anything that would identify a real person who got scammed alongside me. If someone reached out to "help" because they were also a mark, they get redacted. The operators do not.
  6. Reproducible methodology. Every technique I use is published. If you want to do this yourself, the playbook will be on the site.

What's coming

A short list of pipelines already in motion. Order is not promised:

  • The "USPS held package" SMS, end-to-end.
  • A pig-butchering pipeline starting from a Tinder match.
  • A "remote data-entry job" that turns into money mule recruitment.
  • A Geek Squad / Norton renewal PDF, with the call.
  • A crypto recovery scam — I'll pose as a victim of a previous case in this series and see who shows up.

Standing offer

If you got hit by something and want it dissected, send the email, screenshot, or link to the address on the whoami page. Cases with broad reach or novel mechanics jump the queue.

If you're an operator and you're reading this on your own dashboard wondering why your conversion target is acting strange — keep going. I'm taking notes.

The first real case file drops next.

"I become the mark on purpose. Then I write what happens next."