Pokémon Go texting scammers are trying to hack you

There’s been no shortage of Pokémon Go related spam since the app sensation launched last month. And much of it, security researchers warn, may be malicious.

According to AdapativeMobile, a leading mobile security company in Ireland, thousands of potential Pokémon Go players in North America were recently targeted by an SMS campaign pushing a malicious web address. The link reportedly led to a “sophisticated phishing site,” which mimicked the real Pokémon Go homepage.

The website, Pokemonpromo.xxx, is no longer active, the firm said.

Phishing scams work by tricking people into handing over sensitive information, like usersnames and passwords or credit card and bank credentials, by using techniques that targets might think are credible.

Another campaign tracked by AdapativeMobile targeting users via SMS offered thousands of Pokecoins, in-game currency, in exchange for “points.” Users are reportedly prompted to share links “with five of their friends.” The same links have also appeared on social media.

"Gotta Spam ‘em All" -

“Gotta Spam ‘em All” –


One site, called “Pokemon Generator,” apparently tries to phish user credentials by telling them login so Pokecoins can be added to their accounts.

AdapativeMobile is warning users to be cautious when visiting any site containing Pokémon Go content. Users should be particularly wary, the firm says, of unsolicited SMS messages, “particularly if the message contains a URL as this may lead to a phishing website or a site containing malware.”

H/T ThreatPost

Dell Cameron

Dell Cameron

Dell Cameron was a reporter at the Daily Dot who covered security and politics. In 2015, he revealed the existence of an American hacker on the U.S. government's terrorist watchlist. He is a co-author of the Sabu Files, an award-nominated investigation into the FBI's use of cyber-informants. He became a staff writer at Gizmodo in 2017.