It began with a single WhatsApp message claiming that the recipient had won US$1 million through the well-known American company Publishers Clearing House (PCH). What followed was a textbook example of how modern online fraud operates – and how a few simple verification steps were enough to make the scam unravel.
The initial message appeared straightforward enough. A person identifying themselves only as “Fahlon” claimed to work for Publishers Clearing House and said they had been instructed to deliver “good news”. According to the sender, the recipient’s email address had been randomly selected in a 2026 promotional draw, making them the winner of a US$1 million prize.
Such claims are not uncommon. Fraudsters frequently impersonate established companies, charities and government agencies in an attempt to exploit the trust associated with recognised brands.
The first warning signs
Rather than accepting the claim, the recipient questioned the circumstances. Why would an American company initiate contact through a Nigerian WhatsApp number? Why had no official notification been received?
The sender responded with a familiar explanation: the winner had supposedly been selected through an automated computer draw. The conversation soon shifted towards obtaining personal information.
The requested form included:
- Full name
- Home address
- Age
- Marital status
- Mobile number
- Email address
- Occupation
- Monthly income
- Next of kin
- Mobile network provider
Collecting this type of information is common in identity theft and financial fraud schemes.
A simple request changed everything
Instead of providing any personal information, the recipient made a simple request.
Before proceeding, they asked for:
- An email sent from an official Publishers Clearing House domain.
- The representative’s full name.
- An employee or agent identification number.
- An official case reference.
- A telephone number belonging to Publishers Clearing House where the representative’s identity could be independently verified.
The response was revealing.
The sender claimed that emails were handled only by “the CEO and manager” and could therefore not provide one.
Later, when pressed further, the explanation changed again. The sender now claimed to be only an agent and therefore unable to provide the requested verification.
No official email ever arrived.
The photograph that solved the mystery
Attempting to strengthen credibility, the sender eventually transmitted a photograph showing a smiling woman wearing what appeared to be a Publishers Clearing House “Prize Patrol” badge while holding a small blue delivery vehicle.
At first glance the image appeared convincing.
However, a reverse image search using Google Lens quickly revealed that the photograph was already circulating on TikTok and other websites.
This meant the image provided no evidence whatsoever that the sender was connected to Publishers Clearing House or that the individual in the photograph was even the person conducting the conversation.
Reverse image searching has become one of the most effective tools available to consumers investigating suspicious online contacts.
The conversation comes to an end
After being informed that the image had been traced online and that independent verification was still required, the sender provided only a Signal telephone number instead of an official company contact.
Shortly afterwards the conversation effectively ended with the brief responses:
“If it’s not okay for you.”
“Don’t bother yourself again.”
“I don’t like stress.”
No official documentation, corporate email or independently verifiable identification was ever produced.
Lessons for consumers
The exchange illustrates several techniques commonly seen in impersonation scams.
Fraudsters frequently rely on the reputation of legitimate organisations, create excitement around unexpected financial rewards, request extensive personal information and avoid independent verification.
Security experts consistently recommend that consumers never provide personal or financial information based solely on unsolicited messages. Instead, they should independently contact the organisation through its publicly listed website or customer service channels.
In this case, the scam did not fail because of sophisticated cybersecurity tools.
It failed because the recipient asked a very simple question:
“How can I verify that you really are who you claim to be?”
Newshub Editorial – Europe, 8 July 2026

Ask NF GPT
If you have an account with ChatGPT you get deeper explanations,
background and context related to what you are reading.

Recent Comments