What the heck are you talking about now...
Let me explain this to you:
1. Scammer creates a token on BSC.
2. Scammer sends his token to a bunch of random addresses.
3. Scammer waits for someone to get scammed on his (phishing) website.
That's it. MetaMask isn't involved, nor Binance, nor Bscscan, nor anyone other than the scammer who created the token.
My address was freshly created, how could a scammer find out about this address?
It is either binance or Metamask that is to blame, since only they could create a script that automatically assigns these tokens to each freshly generated address.