Scammers and spammers target Pokemon GO players: Internet Scambusters #711
Pokemon GO -- it's a game craze that's literally sweeping the world but, sadly, so are scams that target the players.
In this week's issue, we'll explain the 5 main scams and spam campaigns currently aimed at players and how to avoid them.
We also have details of a new video that shows the latest distraction trick that crooks are using at ATMs.
Let's get started...
Watch Out for these 5 Pokemon GO Scams
Scammers have swiftly latched onto the Pokemon GO game craze that's currently sweeping many countries.
Within days of its launch, it had already been downloaded onto smartphones tens of millions of times, but some versions of the game are virus-laden knock-offs, while the name itself is being used for scamming and spamming on a large scale.
For those who don't know -- and surely there can't be many -- "Pokemon" is shorthand for "pocket monster," but the creatures are actually Japanese cartoon characters, of which there are dozens of different types.
The game's makers are able to place Pokemons onto player's smartphones so that they appear to be actually out in the real world when viewed through the phone's camera (a technique known as augmented reality).
The game has captured the imagination and enthusiasm of players worldwide, as they go critter-hunting in streets, parks, forests and lots of other public, and some not-so-public, places.
The level of participation and the location of some of the characters have raised concerns about safety and several accidents have been reported.
But it's also brought the scammers out in force. So, if you're a player, you need to be on the alert to these tricksters, especially as the nature of the scams seems to be constantly changing as the crooks identify new opportunities.
The basic game itself is actually free and can be downloaded from Apple (iOS) and Google (Android) app stores. Players can then pay for enhanced features such as a currency called Pokecoins, or a type of virtual attractant known as a "lure."
But it didn't take long before scammers stepped in with:
1. Virus-infected versions targeting Android devices installed via other download sites.
The malware is used to give scammers access to the victim's smartphone and possibly also to directly steal information.
2. A bogus monthly subscription service.
Players receive a message warning they have to pay for a $12.99 per month upgrade to continue playing.
Otherwise, the message says, the game will freeze within 24 hours. This it totally fake and nothing happens if recipients just ignore the message.
The message contains links that take victims to a sign-on page where they're required to pay by credit card. All the information entered is then used for identity theft.
3. Spam campaigns offering lots of "free" Pokecoins for users who complete an online survey -- actually thinly disguised advertisements with no coins at all at the end.
Similarly, fake websites have been set up supposedly offering support, cheats and shortcut links in return for completion of these click-harvesting and product-pushing "surveys."
4. Lures that increase the likelihood of characters appearing in particular locations -- and then mugging players who turn up to "capture" the characters.
There are also concerns that lures may be used to draw children into unsafe locations and situations, though none had been reported at the time of this writing.
5. Various, dubious offers, usually on Craigslist, in which advertisers offer to help players locate Pokemon or increase their virtual wealth for a fee.
Some of these may be legitimate but there's no way of knowing that in advance.
In addition to these five scams, privacy concerns have been raised about the game.
At the outset, security experts claimed the game was capable of capturing and recording users' Google sign-on information as well as providing access to their email accounts.
The makers of the game subsequently announced that although this was technically possible, the game didn't actually access this information and that they would now remove this feature.
Avoiding these scams is a matter of common sense. In particular:
- Don't let children download and play the game without your involvement.
- Beware of visiting isolated, lonely or exposed locations where you could be targeted for theft. According to security firm Symantec, the game's makers say: "We encourage all people playing Pokemon GO to be aware of their surroundings and to play with friends when going to new or unfamiliar places. Please remember to be safe and alert at all times."
- Make time to read and check the game's terms and conditions, especially relating to its privacy policies.
- Don't download the game from unofficial sites or game repositories.
- Don't provide payment or confidential information to anyone or to any organization other than through the in-app payment arrangements.
- Don't be tempted to use online game-cheat tools. They may contain malware.
- If you are using an Android device, make sure you have up-to-date security software installed.
According to a recent news report, Pokemon-hunting players in Europe were spotted wandering into a real minefield in Bosnia -- a legacy of the war there in the 90s.
Thankfully, no one was injured but the story illustrates how caution and common sense sometimes go out of the window when enthusiasts get caught up in a game.
You may not be near a real minefield, but when you play Pokemon GO, make sure you look out for other hazards -- and stay safe.
Alert of the Week
Make sure you keep your eyes on your cash and your card every time you use an ATM.
It's easy to be distracted and it only takes crooks a few seconds to catch you out and steal your card.
Don't believe it could happen to you? Watch this new video -- it comes from the UK, but it could happen anywhere.
Time to conclude for today -- have a great week!