In just over a month, Pokemon Go has rapidly become a worldwide sensation, with millions of adventurous players venturing outdoors to explore their surroundings and hunt for the digital critters via the augmented reality smartphone game. But with immense popularity comes an equal possibility of being targeted by cybercriminals.
Ever since the addictive mobile game took off, various scams have popped up to target players. The latest was recently uncovered by security researchers where players were being redirect to phishing sites.
According to Ireland-based mobile security firm AdaptiveMobile, scammers targeted Pokemon Go players – primarily in North America – by sending out thousands of SMSes prompting them to click on a link to gain access to thousands of Pokecoins and in-game currency, in exchange for points. However, the link would instead lead players to a phishing site called Pokemonpromo.xxx. The security firm designated the scam as the "largest Pokémon GO SMS spam campaign" that they had observed.
Phishing scams are popular among cybercriminals as they allow hackers to dupe victims into divulging sensitive information including usernames, passwords and credit card details. It is still unclear as to how many victims were affected by these scams and whether they were successfully tricked into providing the scammers with sensitive information.
Two other similar campaigns involved players being lured to phishing sites called "pokemon.vifppoints.xxxx" and "Pokemon Generator", with the promise of Pokecoins. "Links to these sites aren't only being distributed by SMS - they have appeared on social media sites and Pokémon forums as well," the security firm said.
AdaptiveMobile advised players to exercise caution when receiving SMS messages mentioning the game app. "It is likely that we will continue to see Pokémon GO spam for some time - at least until the hype around the app recedes. Until then users of app should apply caution when visiting web sites containing content about Pokémon GO. Be wary of any of any unsolicted SMS messages you receive mentioning the app - particularly if the message contains a URL as this may lead to a phishing web site or a site containing malware," the firm cautioned.