Skip to content
Methodology·methodology·scam·vendor·vendor-watch

Methodology: how we identify and verify vendor scams

We do not publish unverified scam reports. This is the methodology we apply before publishing any scam alert, and what kind of evidence we look for.

Axel L.
Axel L.
Lead investigator · scam network exposésStockholm

This is not a scam alert about a specific vendor. It is a methodology page describing what we publish, what we don't, and how readers can spot scam patterns themselves. Concrete scam alerts will appear in this section only after they meet the criteria below.

Why we are careful

Vendor reputations are easy to destroy and hard to rebuild. A wrongly accused vendor can lose months of work to a single viral post. At the same time, real scam vendors cause real harm — at minimum financial, often physical (contaminated product, fentanyl exposure, doxxed customers).

We try to balance these by holding ourselves to a publication standard close to what an investigative journalist would use for a small-claims allegation.

What counts as evidence

Strong evidence (publishable):

  • Multiple independent first-hand reports, each with an order ID and timestamps
  • Photographs of received product matching a confirmed adulteration or substitution
  • Reagent test or lab test results from the product, ideally cross-referenced against the vendor's claimed compound
  • Verifiable changes to a vendor's site (e.g., wallet swap detected via archive.org diff)
  • On-chain analysis showing wallets associated with the vendor flagged in established scam-tracking databases

Weak evidence (not sufficient on its own):

  • A single anonymous report on a forum
  • Reports from competing vendors or affiliates of competing vendors
  • Claims about "ripped me off" with no order detail
  • Screenshots that can't be independently verified
  • Reports more than 12 months old without a fresh datapoint

What we publish in a scam alert

A scam alert we publish will include:

  1. The vendor name and domain(s)
  2. The specific behavior (exit-scam, product substitution, doxx, fentanyl contamination, etc.)
  3. A timeline of when the behavior began and ended (if it has)
  4. The evidence base, anonymized where required to protect reporters
  5. What we recommend readers do (request a chargeback, file a report with X agency, etc.)
  6. Whether and when we'll revisit the alert

What you can do as a reader

A few quick checks that prevent the most common vendor scams:

  • Check the domain age with a WHOIS lookup. New domains posing as established vendors are a red flag.
  • Check archive.org for the vendor's site over time. Pricing or wallet changes around the time of suspected scam are diagnostic.
  • Cross-reference the vendor's wallet addresses with public scam-tracking lists (ScamSearch, dread mirrors for darknet contexts, etc.).
  • Use escrow wherever available. Direct-pay vendors who refuse escrow are higher risk by definition.
  • Start with a small order. No vendor worth using objects to a first-order test purchase.
  • Don't believe the reviews on the vendor's own site. Independent forums (in jurisdictions where they exist), our reviews, and direct word-of-mouth from people you know are higher signal.

Reporting a suspected scam to us

Send everything you have to [email protected]. Include:

  • Vendor name and domain
  • Order ID and date
  • What was advertised vs what was delivered
  • Any photographs, reagent test results, or lab reports
  • Whether you've contacted the vendor and the response
  • Whether you're willing to be cited (anonymized by default)

We will reply within a week and tell you whether we can verify, what's missing, and whether we expect to publish.