Backlink Phishing Scam: Linkwish

Jay Lauren

A company called is plying the marijuana industry with an offer to buy embedded links, and we’ve uncovered a phishing scam. We’re sharing as there are some valuable points to consider as companies build out their websites: what you post, and who you link to, says everything about you.

We received an email with the subject line “Love your website content! We would like to work with you!” from a email address, claiming to represent a digital marketing agency purchasing backlinks on behalf of their customers. Their offer ranges from $500-$1000 for a link of embedded text in an article. They also offered $20 as a courtesy, and would send funds to a PayPal account. Don’t send your PayPal account details. (We didn’t, but only because we took some extra steps, that can be learned from.)

We offered them a website post, not a link, for their customer(s): surely an Agency that found value in our content would want their customer’s content on that site? They responded asking for the embedded backlink, with the following message: “We hope this will be the beginning of a mutually beneficial relationship, as we have quite a few clients and this could be the start of many exchanges. Please let me know if you are interested and provide your paypal address so that we could pay for this favor. By the way, just letting you know that these are the links.”


https: //

https: //

https: //

It made no sense to embed any of these links on our website. Even more, it made no sense for a Digital Marketing Agency to place these on our site: the audience is wrong, the content is wrong, the link would be valueless. SEO lesson: traffic referred from relevant websites is what makes a backlink useful. Our audience wouldn’t find value reading about “prostrate massagers” or “anal beads” (until now), so there was clearly no business purpose with their offer, apart from phishing. We took a few minutes to look at their website, which offers a general lesson about KYC (Knowing Your Customer):

Take a minute to look at your customer’s website and understand their business. The homepage of their website was attractive, but:



  1. Social trail. A real company leaves a mark online, with 1 or more active social channels. If you have social icons with dead links on your site, remove these until the channel is established. You don’t need a ton of activity on a social channel, but you do need a social account if your website shows the icon. shows 7 social channels/icons, none of which have active social accounts.
  2. Go through the website. If you are building a site, and do not have content for a page, hide that page. The holder text used by web developers (“Lorem ipsum dolor…”) is meant to show where text belongs, it’s not meant for a public page. If you have buttons on a menu that do not link to active pages, remove those menu items. has a sub-menu that appears on the “Contact Us” page that are all dead links. Also, spelling and grammar count.’s testimonial section has an oddly-worded header “Customers About Us” and a spelling error in the testimonial, which starts with: “I was sceptical at first.” (Skeptical, yes, we were.)
  3. Errors in contacts, phones, and details: shows the same phone number for phone, mobile, and fax. Two email addresses end with (in other words, “insert your domain here”), and one email address is from the website template
  4. Two different mailing addresses, one in the header and one on the contact page.
  5. Mailing address oddity: one address shows “USA” and another has “United States” after the zip code. It’s not our custom or habit to list our country after the zip code.
  6. Phone number oddity: the phone numbers all show +1 then the area code/number. US companies don’t use our country code (+1) before the phone number, we just show our phone number.

Takeaways: use common sense and do some legwork before engaging in business. Don’t fall prey to phishing. Also, pay close attention to detail as you build out your website: it’s how your customers and prospects will judge whether (or not) to do business with you.

(NOTE: A company with the .com domain is owned by Wish Mobile, but are not associated with this domain spoofer