Planet49, a Hong Kong-based digital marketing company with close associations with Asia Pacific Marketing Limited, targeted South African users with a digital marketing campaign intended to harvest their personal information. The campaign falsely presented a COVID-19 “relief promotion” by local grocery chains. In reality, it enticed WhatsApp users to not only share the promotion with several of their WhatsApp contacts, but also consent to Planet49 selling their personal information to third parties.

The grocery chains referenced in the campaign have denied any involvement with Planet49.

A DFRLab investigation analyzed the source code of these websites, which revealed the links to a Planet49 website registered in 2014. The website had fabricated a Facebook-style comments section using an API for randomly generating profiles pictures. Reverse image searches revealed that these profiles pictures were used prolifically across social media, blogging platforms, and review platforms on other websites.

There is also evidence that some of these campaigns were used in Australia as well.

Planet49 registered the www.sa-rewards.co.za domain in May 2014. Less than a year later, the first warnings against the website and its fake voucher lotteries began circulating online. In 2019, Planet49 was reprimanded by the European Court of Justice for transgressing GDPR requirements in its online lotteries. Meanwhile, crucial sections of South Africa’s Protection of Personal Information (POPI) Act, meant to be the country’s parallel to GDPR, are still in limbo since some sections of the POPI Act were promulgated six years ago.

The website

The campaign spread mainly via a short WhatsApp message that contained a link to a seemingly legitimate website for one of South Africa’s grocery chains.

This message was deceptively styled to mimic the official Woolworths website, and gave the impression that Woolworths was giving away R5 000 ($280) worth of groceries for free as part of a coronavirus support program.

A screengrab of the WhatsApp message linking to the dubious website, indicating the deceptive logo and URL. (Source: @jean_leroux/DFRLab)

Once a user clicked on this link, a two-stage process commenced.

Firstly, a landing page (woolworths.co.za-groceries.store) enticed the user into sending the same WhatsApp message containing a link to the website to several of their contacts. This landing page changed twice during the course of the DFRLab investigation, but the content remained identical. It did this by taking the user through a short survey before prompting them to send the link to at least 10 of their contacts. A counter would keep track of the number of times a user shared this with their friends or groups.

These steps could be discerned from the JavaScript functions embedded into the buttons.