WhatsApp currently has over 200 million monthly active users in India. No wonder it has become a popular tool for scammers. Just last night, I received the following message from one of my friends on WhatsApp.
The message is in Hindi and loosely translates to this…
Open this message quickly. Answering only 4 questions is getting people Rs. 1000 Paytm cash. I got it. Even you try it.
As you can understand, such messages can easily fool users who are unaware of such scams and more so when things like ‘cashback’ is involved. I warned my friend not to click on the link and not to share it any further.
Soon after, I checked the link on my desktop (in a secure environment) and I received a warning on Firefox and Chrome. The messages were self-explanatory.
On Mozilla Firefox
The warning message read “Firefox blocked this page because it may trick you into doing something dangerous like installing software or revealing personal information like passwords or credit cards.”
On Google Chrome
The warning message read “Attackers on win-reward-cash.in may trick you into doing something dangerous like installing software or revealing your personal information (for example, passwords, phone numbers, or credit cards)“
And if our readers can recall, just last week, we had written about a similar WhatsApp scam that involved a message about a fake Jio Prime offer. Read about it here.
Important Update as of 21.03.2018
A couple of hours after this post was published, I received the same message on WhatsApp but this one had a different link.
I tried accessing the link and this time Firefox nor Chrome blocked it unlike in the case mentioned earlier. The link took me to the page shown below (fig 5):
• The web page was not secured with HTTPS and any data shared on it could be compromised.
• The terms and conditions were irrelevant. Click on the image below to view its enlarged version.
Moving on, there were four questions in total. I answered two of them correctly and despite giving two wrong answers, I was selected for the cash award.
Notice that congratulations has been spelt incorrectly and I gave 1234567891 as my phone number which is invalid. I clicked on submit and reached here.
So, there I was with a cash prize of Rs. 1000/- waiting to go into my Paytm wallet. I clicked on Confirm Withdrawal and was greeted by the message shown below.
The message said that I had to invite 10 of my WhatsApp contacts to take this test before I could ‘withdraw’ the reward of Rs. 1000/-. After completion of the invitation process, I clicked on Confirm Withdrawal and was asked to download a certain app.
The download button took me to a gaming app on Google Play whose size was about 24 MB and not 8 MB as shown above. I installed the app to check what it does. It was based on a game where you had to shoot bulbs using a catapult.
Some alarming observations about the app:
> The app required an email address for verification
> It encouraged me to download third-party apps
> It aggressively asked me to purchase game points
> It served a lot of ads
But most importantly, I never received the Paytm cash of Rs. 1000/- that was promised. So, it is safe to say that the main intention of the those behind running this scam was to earn money by tricking users into clicking on unwanted ads and making in-app purchases like buying game points.
To conclude, although the gaming app was not malicious, it was definitely not created with a good intention. And there are chances that the same process may be used to trick users into downloading a harmful or potentially dangerous app on their device.
So, what do we learn?
> Never trust such messages (WhatsApp, SMS, emails, etc.) that talk about offers/promotions which have not been officially confirmed or announced by the company itself.
> Do not click on links or try to access them on your phone or computer.
> Have an antivirus on your devices that can block such links if you happen to click on them unknowingly.
> Do not forward such messages to others, and warn those who might have sent you these messages.