Anatomy of a scam

A (smart) friend of mine sent me this Whatsapp the other day.

whatsapp scam

It looked like a scam to me, but I was interested in understanding a couple of things:

  • how smart people get taken in (i.e. what marketing/persuasion tactics were used)
  • what benefit the person who set it up gets

As I went through it I had discussions with my wife who managed to decode the tech stuff behind and (spoiler alert!) find the culprit.

Marketing persuasion tactics

The initial message is good:

  • they use the official logo
  • the domain looks legitimate (but actually it’s a subdomain of
  • it’s short and punchy
  • it contains the magic word “FREE” (twice)
  • Urgency (as Cialdini says) is a great method to encourage people. (though I think they’ve tripped up here: “Hurry up! Collect your FREE voucher” is not the words of a respected retailer giving away R5000)

Unfortunately the site is now down, so you’ll have to look at these desktop screenshots to puzzle through the rest of the process.


Screenshot 2020-04-18 at 10.46.59

The page you click through to is on the left and the Woolworths homepage on the right. If you compare them you can see quite distinct branding differences (i.e. the left hand version doesn’t have great branding: small logo, lots of colours, “cheap” design). The image of the shop on the left hand version is also a bit strange, it looks like someone’s taken a picture and it doesn’t look like they’d put a graphic designer on a promo that would be likely to cost them a fortune.

Step 1:

There is a countdown from 85 remaining vouchers on the page (again Cialdini’s principle of scarcity). It almost seems believable that Woolworths would be giving away big vouchers (especially in the first days after lockdown). The precision of the 2 day expectation of when you’ll receive the vouchers is a nice touch, it sets expectation and makes the offer less nebulous. Having to jump through some hoops to qualify also adds trust. It show it’s not some lame freebie, one actually has to work for it.

Step 3:

Step 2 was an age verification, another trust marker to prove your eligibility. Step 3 gives you more hope if you’ve never won a voucher previously, that they’re using an algorithm to ensure it must be your turn this time.


More Cialdini magic here, some social proof to cement the fact that you’re definitely going to win as evidenced by these real people (or three people from the Smith family). You can’t click on any of the profile links to check that they’re real, but having them there as proof is enough for most people.

Unfortunately this is where the wheels fall off a bit. The tool they use is a template that they’ve used for other offers and they didn’t bother to change this offer for a free pair of shoes to the Woolworths voucher.
Technical stuff

If you view source (and are cleverer than me) you can find out there is a script that does most of the hard work:

There are a couple of sites referenced and if you do some digging through domain registrars you’ll find a clear link to this guy in Delhi:

Screenshot 2020-04-18 at 11.43.24
It seems that he isn’t a developer and is using a script that you can buy for perpetrating scams like this (Google voucherf0c9.js if you’re in the market for some low level scamming).

He has Google Tag manager set up and a number of services to track events, generate random social profile pictures and an AI tracker

It seems that it is set up specifically for mobile and has a load of affiliate links/cookies on it (+/- 134 cookies!!)

You can see an example of another promo/scam that they had on their site below.


The big question, why do this?

People want to get a great/FREE deal so they’re motivated to fill it in, but what about the person that is perpetrating it.

My assumption is that they dump a whole load of affiliate cookies on your device, you share it with all of your friends so there is a large viral spread of this. Eventually someone will purchase somewhere and there is an opportunity to make some money off you.

Simple and effective if it spreads far.


I had the pleasure of receiving a new version yesterday, as you can see exactly the same template: