Several sites are also attempting to phish user credentials.
There’s been no shortage of Pokémon Go related spam since the app sensation launched last month. And much of it, security researchers warn, may be malicious.
According to AdapativeMobile, a leading mobile security company in Ireland, thousands of potential Pokémon Go players in North America were recently targeted by an SMS campaign pushing a malicious web address. The link reportedly led to a “sophisticated phishing site,” which mimicked the real Pokémon Go homepage.
The website, Pokemonpromo.xxx, is no longer active, the firm said.
Phishing scams work by tricking people into handing over sensitive information, like usersnames and passwords or credit card and bank credentials, by using techniques that targets might think are credible.
Another campaign tracked by AdapativeMobile targeting users via SMS offered thousands of Pokecoins, in-game currency, in exchange for “points.” Users are reportedly prompted to share links “with five of their friends.” The same links have also appeared on social media.
One site, called “Pokemon Generator,” apparently tries to phish user credentials by telling them login so Pokecoins can be added to their accounts.
AdapativeMobile is warning users to be cautious when visiting any site containing Pokémon Go content. Users should be particularly wary, the firm says, of unsolicited SMS messages, “particularly if the message contains a URL as this may lead to a phishing website or a site containing malware.”