All wallets are scam.
Please use pywallet check keypool timestamp and version.
for example
"pool": [
{
"addr": "1N7nnUeJEmRdUCjUFSgoZSWn6cqNmyPPvc",
"n": 1,
"nTime": 1513148460,
"nVersion": 80500,
"public_key_hex": "029621dc737db8e74cfdb75e94a1ef5f7c266d62a200f97607074a549c943c9241"
},
the nTime is the password modify time.
You are wrong nTime parameter is the date when the wallet was encrypted for the first time. When you try to change the passphrase, nTime parameter does not change at all (I tried it on my wallets). It only changes when you have an unencrypted wallet and you decide to encrypt them. Only then does the nTime parameter change for the new date of encryption.