Pokémon Go Attracts Spammers with Malicious Intent

Posted on by

Pokémon Go Attracts Spammers with Malicious Intent

Perhaps unsurprisingly, the wildly popular mobile app, Pokémon Go has already attracted a phalanx of spammers, all of who are intent on luring users to websites
containing malicious code. Although it was only released at the beginning of July, the augmented-reality game developed by Niantic for mobile devices had been downloaded
over 130 million times by the beginning of this month, making it the most downloaded mobile game ever in the first month after release. With such a huge audience to target,
nobody who specialises in IT security will be taken aback at the fact that spammers have latched onto the game with such alacrity. However, if you are a player rather than a
security expert, you could well be taken unawares by the speed with which new spam campaigns based on Pokémon Go have been put together.

Using SMS to Target Mobile Users

Given that the game has been developed exclusively for iOS and Android operating systems, it is understandable that spammers have chosen SMS messages as the main vehicle
for their attack on users so far. Spam emails may be next on the agenda though so even if you have not yet been caught out by one of the rogue text messages, you should
remain vigilant as far as all your electronic communication channels are concerned. The SMS messages sent to Pokémon Go users contain exhortations to visit websites that
are supposedly designed specifically for fans of the game. With URLs containing phrases such as ‘pokemonpro’ and ‘pokemonpoints’, it is easy to see how enthusiastic players
could be tempted to throw caution to the wind and click on the links in question. Nevertheless, if you or your children should receive any messages or emails with such links
embedded in the text, the last thing you should be doing is clicking on them.

Offer of Free Pokécoins Used as Bait

Many of the sites to which players are directed encourage visitors to share their login details, which in most cases are the username and password from their Google accounts,
in order to receive free Pokécoins that can be used in the game. However, no coins are forthcoming and the only result of sharing your login details on these sites will be that
spammers will have access to your email account. The fact that the first version of the app requested full access to players’ Google accounts when they registered may have lulled
people into a false sense of security and convinced them that it was OK to share these details on websites that appeared to be related to the game.

Set to Continue for Some Time to Come

Until the initial excitement surrounding the game dies down, the spammers will continue with their attempts to direct players to phishing sites containing malicious code so
it is important that people remain vigilant. As far as emails are concerned, a fully-featured anti-spam gateway will help to repel attacks but players will need to exercise
their own judgement with respect to SMS messages.