Whatsapp is definitely one of the most popular social messaging applications in the world. In fact, as of last year’s data, more than 70 million people in India uses Whatsapp which is over 56% of the internet users in the country. Again, this was last year. I would make a safe assumption that more than 90% of smartphone users in India use Whatsapp. In May and June this year, a Whatsapp video call scam was doing the rounds among Whatsapp users, especially in India. And the scam is back!
Since the day Whatsapp announced their new video calling feature, a group of scammers has taken advantage to trick gullible users for data and money. I am sure a lot of us have already received a message that looks like this:
Once you click on this, it takes you to an unsafe website (as highlighted by many web browsers) and then asks you to share this with fours friends to enable the video call feature. Let’s dive deeper to see what’s happening here:
This particular domain name is registered in Mumbai and has 11 more domain names that it connects to as mentioned in http://whatsappcall.co/js/invite.js
var domains = ['whatsappvideoactivate.com', 'whatappvideoenable.com', 'whatappvideoonline.com', 'whatappvideofeature.com', 'whatappvideostart.com', 'whatsappcall.co', 'video.whatsappcall.co', 'whatsapp-videocalls.co', 'whatsapp-videocalls.com', 'videocall-whatsapp.co', 'video-whatsappcall.com'];
Now what happens is that this website invokes the Whatsapp application on your phone and displays this message:
window.location.href='whatsapp://send?text=*You\'re invited to try Whatsapp Video Calling feature.* %0D%0A%0D%0A Activate at: %0D%0A ???? http://' + domain + '/ %0D%0A%0D%0A_Only people with the invitation can enable this feature_';
I want you to notice that the URL doesn’t have a http: or https: rather it has whatsapp://
The domain is picked randomly from the list of 11 domains shared above. Next, this application prompts the following message:
window.alert("ONE LAST STEP\n\nDownload partner app OR click YES on next page");
Which takes you to this page: http://realmob.co/app.html going through multiple redirects:
then, that is redirected to
and finally, the last redirection to
Now Appfly is managed by https://appthis.com/ which according to their website description is “a global app distribution platform that helps publishers monetize their mobile traffic while providing advertisers with high-value users.” Basically, it is an affiliate and ad network for app publishers.
Well, someone is trying to take advantage of you being too naive and is now going to pile quite a lot of cash, maybe drive down his soon to be bought BMW along the coast at Marine Drive in Mumbai.
Jokes apart, please do not fall prey to this scam. Rather share this post with your friends.