Yesterday, we received a message from a friend which stated ‘OMG! Have you seen this?’ The message did not describe anything about the content, but simply had a link that was stating some ‘BigBillionDay13’ offer. Since the friend was a close one, (and we know that such messages are usually hoaxes, we still went ahead to click on the url to find out more. It turned out as we expected — a hoax message with a freebie offer.
On clicking the url, it took us to a ‘dummy’ website that claimed Amazon to have a ‘BigBillionDay’ offer with a ‘one-time’ spin the ‘Lucky Wheel’ chance to win some exclusive prizes. The page then shows a prize wheel that needs to be spun with a few comments below it claiming that they won some really great and unbelievable prizes.
On spinning the ‘wheel’, it rotates and stops at ‘free spin’ where the website excites you that you have one more spin for free. On doing so, the wheel spins again and stops at a iphone7. To excite the user, the message continues stating that in order to claim the prize, you need to follow a few instructions ahead. This includes sharing your happiness about the ‘so-called prize’ with five friends. Only after sharing it with five friends will the message go away and you will see another page ahead. This page now claims that your prize is reserved for you and you will get it only after you complete one last step. This step forces you to download and install a free game ‘Castle Clash’ from the Google Play Store. ‘You need to install and use the game for at least 30 seconds in order to unlock the content ahead’ states the next message. On downloading the game, nothing happens and you don’t have any more claimed ‘prize’.
Well, though it does sound easy, you should know that you have actually clicked on links that have ads and you have made the crook richer by a few more dollars. Additionally, you now have also sent the same message to five more friends, who will then send it to more five and the chain goes on. This way, no one gets any prize, but they actually click on ads and make the cyber crook richer buy the hour.
Do note, though such hoax messages are become common and you only end up clicking on a few ads. However, the ads or pages you see could be having some embedded, invisible scripts that run automatically in the background. These scripts can harm your operating system by automatically creating backdoors into your smartphone and leak out sensitive information such as your contacts, messages, emails, photos, bank account details and much more. And it could also get worse—if you have a rooted smartphone, the scripts could hijack your operating system and the hacker could take control of your smartphone for good.
In such cases, we advise all WhatsApp users not to open any such messages, even if they are passed on by known people. If you think the message could be genuine, we suggest that you inquire back with the user about the message and the url inside it and then go ahead to open it. Alternatively, we also advise you to install an antivirus app to stay safe.