Beware; Hackers targeting Pokemon Go Users with Smishing Scam
Pokemon Go Game Inspiring one Scam After Another — After malware and RAT infected apps here comes Pokemon Go smishing (SMS Phishing) scam!

When a game becomes popular, scammers are bound to utilize this fame for their own malicious gain. The same has happened with the Pokemon Go game. Hackers and scammers are trying to capitalize on the unprecedented popularity gained by this amazing and unconventional action-packed game.

Must Read: Malware Infected PokémonGo Apps Found on GooglePlay Store

The latest campaign to be identified by researchers is the malicious, backdoored app that is available on a file repository service. In this new campaign, attackers have attempted to lure Pokemon Go players by forcing them to view SMS spam messages so that they visit infected websites.

This was revealed by an Irish mobile security company AdaptiveMobile. According to the firm’s analysis, thousands of such spam SMS messages have been sent to users in North America during the past few months. One of the infected site that constantly appears on this scam is pokemonpromo[.]xxx, which appears to be a legit Pokemon Go site. The site claimed that it would be providing users additional features of the game if they refer the site to 10 new users.

beware-hackers-targeting-pokemon-go-users-with-smishing-scam-1
Screenshot shows three different smishing scams targeting Pokemon Go gamers! / Via: AdaptiveMobile

Must Read: Pokémon Go Exploitation Saga Continues; Beware of New Ransomware

AdaptiveMobile states that the site is only one of many such websites that offer users as many as 14,500 Pokecoins. Only an ardent Pokemon Go player would understand the significance of the game’s currency Pokecoins.

Chief Intelligence Officer of AdaptiveMobile, Cathal Mc Daid states that shortened versions of URLs on Google led to the generation of spammed site. Some of these websites are circulating as Pokemon Go official websites while some are appearing from different names. Another such site is pokemon[.]vifppoints[.]xxxx, which also is being advertised as a legit Pokemon Go forum and promises Pokecoins if the site is referred to five friends. Another one is the Pokemon Generator that asks users to provide their login credentials, which in a majority of cases are Google email IDs and passwords.

beware-hackers-targeting-pokemon-go-users-with-smishing-scam-2
Screenshot shows what happens when users click on links they receive in this scam / Via: AdaptiveMobile

Must Read: PokemonGo Servers Go Offline; PoodleCorp Claims Responsibility

According to McDaid, “It is likely that we will continue to see Pokémon GO spam for some time – at least until the hype around the app recedes. Be wary of any unsolicited SMS messages you receive mentioning the app – particularly if the message contains a URL as this may lead to a phishing website or a site containing malware.”

Waqas

Waqas Amir is a Milan-based cybersecurity journalist with a passion for covering latest happenings in cyber security and tech world. In addition to being the founder of this website, Waqas is also into gaming, reading and investigative journalism.