Blog
Rajiv Singha

Beware of the new WhatsApp message scam that promises Rs. 1000/- Paytm cash!

March 20, 2018
  • 16
    Shares
8
Estimated reading time: 4 minutes

WhatsApp currently has over 200 million monthly active users in India. No wonder it has become a popular tool for scammers. Just last night, I received the following message from one of my friends on WhatsApp.

Fig 1

The message is in Hindi and loosely translates to this…

Open this message quickly. Answering only 4 questions is getting people Rs. 1000 Paytm cash. I got it. Even you try it.

As you can understand, such messages can easily fool users who are unaware of such scams and more so when things like ‘cashback’ is involved. I warned my friend not to click on the link and not to share it any further.

Soon after, I checked the link on my desktop (in a secure environment) and I received a warning on Firefox and Chrome. The messages were self-explanatory.

On Mozilla Firefox

The warning message readFirefox blocked this page because it may trick you into doing something dangerous like installing software or revealing personal information like passwords or credit cards.”

Fig 2

On Google Chrome

The warning message read “Attackers on win-reward-cash.in may trick you into doing something dangerous like installing software or revealing your personal information (for example, passwords, phone numbers, or credit cards)

Fig 3

And if our readers can recall, just last week, we had written about a similar WhatsApp scam that involved a message about a fake Jio Prime offer. Read about it here.

 

Important Update as of 21.03.2018
A couple of hours after this post was published, I received the same message on WhatsApp but this one had a different link.

Fig 4

I tried accessing the link and this time Firefox nor Chrome blocked it unlike in the case mentioned earlier. The link took me to the page shown below (fig 5):

Fig 5

Note:

• The web page was not secured with HTTPS and any data shared on it could be compromised.
• The terms and conditions were irrelevant. Click on the image below to view its enlarged version.

Fig 6

Moving on, there were four questions in total. I answered two of them correctly and despite giving two wrong answers, I was selected for the cash award.

Fig 7

Notice that congratulations has been spelt incorrectly and  I gave 1234567891 as my phone number which is invalid. I clicked on submit and reached here.


Fig 8

So, there I was with a cash prize of Rs. 1000/- waiting to go into my Paytm wallet. I clicked on Confirm Withdrawal and was greeted by the message shown below.

Fig 9

The message said that I had to invite 10 of my WhatsApp contacts to take this test before I could ‘withdraw’ the reward of Rs. 1000/-. After completion of the invitation process, I clicked on Confirm Withdrawal and was asked to download a certain app.

Fig 10

The download button took me to a gaming app on Google Play whose size was about 24 MB and not 8 MB as shown above. I installed the app to check what it does. It was based on a game where you had to shoot bulbs using a catapult.

Some alarming observations about the app:

> The app required an email address for verification

> It encouraged me to download third-party apps

> It aggressively asked me to purchase game points

> It served a lot of ads

But most importantly, I never received the Paytm cash of Rs. 1000/- that was promised. So, it is safe to say that the main intention of the those behind running this scam was to earn money by tricking users into clicking on unwanted ads and making in-app purchases like buying game points.

To conclude, although the gaming app was not malicious, it was definitely not created with a good intention. And there are chances that the same process may be used to trick users into downloading a harmful or potentially dangerous app on their device.

So, what do we learn?

> Never trust such messages (WhatsApp, SMS, emails, etc.) that talk about offers/promotions which have not been officially confirmed or announced by the company itself.

> Do not click on links or try to access them on your phone or computer.

> Have an antivirus on your devices that can block such links if you happen to click on them unknowingly.

> Do not forward such messages to others, and warn those who might have sent you these messages.

 

If you think this post is helpful, then share it with your friends on Facebook, Twitter, and WhatsApp (on your phone) and warn them against this threat. Stay safe.

  • 16
    Shares

Have something to add to this story? Share it in the comments.

Rajiv Singha
About Rajiv Singha
Rajiv is an IT security news junkie and a computer security blogger at Quick Heal. He is passionate about promoting cybersecurity awareness, content and digital...
Articles by Rajiv Singha »

8 Comments

Your email address will not be published.

CAPTCHA Image

  1. Nayan BrahmbhattMarch 23, 2018 at 9:42 AM

    Hey Rajiv,
    Nice article. Its the mirror to the users of WhatsApp who spreads such meaningless and baseless messages.
    Rather than spreading such messages, need spare some more time to think about to make scams like Nirav Modi, Vijay Mallya. They will earn thousand times more than 1000 Rs cashback. 🙂

    Reply
  2. Venus ParmarMarch 23, 2018 at 6:31 PM

    Hello,

    Information provided here are most helpful to everyone. Thanks for the information.

    My question is that, Is it grantable to copy this entire information and then we make pdf file for this information and share on whatsapp in our group?

    Reply
  3. excellent job sweet heart

    Reply
  4. Sumit kumarMarch 24, 2018 at 6:02 PM

    Important information sir.
    Very good.

    Reply
  5. ABDUL HAKIM GAZIMarch 24, 2018 at 10:19 PM

    good

    Reply
  6. chetan indoriyaMarch 24, 2018 at 10:21 PM

    mast

    Reply
  7. PANKAJ CHAUBEYMarch 29, 2018 at 8:46 PM

    Nice app

    Reply