A game based on the concept introduced by the movie Nerve, or is it the other way around? It is a little-known fact that blue whale has been around since 2013. Only recently, it is seen starting to develop victims in Pakistan/India region.

And of course, we Pakistanis can find the funnier side of this. You just have to admire the creativity here:

Okay, now back to the topic you are here for.

The thing about the internet is; it is hard to keep all your information private. It can reveal a lot about you. But to get the ‘blackmail kind’ of information requires a lot of skill and effort. Anyone with a decent understanding of computers and internet can easily hide his/her ‘blackmail kind’ of information.

The person managing Blue Whale understands this. They exploit the first bit; it is hard to keep all your information private.

This is how they get their victims:

The Blue Whale managers find an email address. They can go through old office records, university records, school records, etc. to find emails or they can simply even guess emails. People tend to make as few email IDs as possible and link every online service/account with those emails. Anyone using an Android phone mostly uses one ID to access his Gmail, Facebook, Twitter, 9gag, Instagram accounts. The Blue Whale managers put in the email into the username and just click forgot password. A lot of us have linked our mobile phone numbers to our social accounts, so the service automatically says “we have sent a security code to your number ending with” and displays last 2 or 3 digits of your mobile number.

screen shot of forget my password screen

In the image, the top censor hides my email address, and the bottom one hides the last two digits of my mobile number.

I trust you guys, but you do understand that I have to hide my email and the last two digits of my mobile number? 

All the Blue Whale managers do is sending an email to that email address, claiming they have the victim’s phone number and that he/she has to play the game now, when in fact, all they have is an email and last two digits of your phone number. The managers further writer “to decline the offer to play, you must text us back.” And obviously, it goes without saying if you do that then the Blue Whale managers get your complete number.


screen shot of a typical email from BW
source: twittistaa

As you can see from the actual email from the Blue Whale team, they are not doing any hacker mumbo jumbo, all they are trying to do is scam you in doing what you should not do.

I do not think they have anything concrete, just some experience of internet exploitation and access to old records containing email addresses. If you get an email like this, simply delete the email and add the email address to spam. Also, for good measure, inform the Cyber Harassment Helpline of the email.


These types of scams can easily be avoided if the user is aware of the working of social sites. All it takes is a little caution and some research into what you are using.

Stay safe; We love you all.