Pokemon Go Brings New IT Threats to Company Networks

Pokemon Go Brings New IT Threats to Company Networks

Pokemon Go Brings New IT Threats to Company Networks

Gaming isn’t exactly a recommend office activity for most businesses, how people spend their private time is generally their business.

But because of the new Pokemon Go craze there’s a huge new rash of potential security risks to watch out for in your office, and you better get up to speed fast.

Pokemon Go has quickly become the most popular downloaded game in North American history. Just as quickly, it’s attracted organized cybercrime, and with it an unprecedented onslaught of new phishing hazards. It’s not just the range of new traps that is surprising, but also speed in which they are coming on stream.

These are the same criminal networks that have almost tripled phishing attacks on corporate employees this year.They're using adaptations and variations of many of those same successful tactics and tools on Pokemon Go players. So far it's been a smorgasbord for them.


If your company or organization has employees who play Pokemon Go who connect to your network with private mobile devices or VPN, your data security may soon be at risk.


Some quick stats about Pokemon Go you should know

Consider that Pokemon Go was only just officially released in a few countries just this month—on July 6, (July 17th in Canada).

By July 24th, there were over 75 million downloads on iOS and Android around the world! Last week it was averaging about 21 million players each day, peaking at 25 million players on July 24th. (In case you’ve been hibernating and you’re wondering what the heck we’re talking about, you can learn all you need to know about the game here).

So, there are a lot of people playing Pokemon Go. Who are they?

It might surprise you to know that the huge majority of adult Pokemon Go players are aged 18 to 34, and about one third are women.

The Pokemon Go game itself is not malicious or a threat. It’s the combination of mass popularity and inevitable human nature that makes it dangerous for some.

Pokemon Go is free to download and play. But like many modern games, there are in-app purchases for items and add-ons to speed things up for those with less patience. You can spend anywhere from $0.99 to $99 U.S. to buy Pokecoins, a virtual currency which is traded for items within the game.

Those who don’t purchase these shortcut advantages have to grind—pound the streets to get ahead. Because the game takes a long time to play and they don’t want to pay, many people cheat. Or get tempted with offers of shortcuts and freebies.

Scammers and cybercriminals have been incredibly fast to capitalize on Pokemon Go player’s greed and laziness. Within days of the release, people started looking for cheats online. Already they’ll find hundreds of websites available, most of them scams or loaded with malware.

The last time I check (July 26, 2016 – just 20 days after the official launch date), there were 115 free apps and guides available on Google Play. After reading our list below, you’ll want to be careful choosing any of them.

Here is a run-down of the 5 most common scams to hit Pokemon Go so far, (as first published by Scam-Detector here)


1: Fake Pokemon Go apps Scams
The most common Pokemon Go scams are unofficial Pokemon Go apps. They have similar-looking names like Pokemon Go Ultimate or Install Pokemongo – some of which tens of thousands of them were downloaded from Google Play and iTunes App Store before they were caught.


In some variations, the code located in fake apps applied a remote access location as Pokemon Go. Once installed, the app looks legitimate with Pokemon Go login screen but ends up giving complete access to your phone and its data.


Other apps appearing have been connected with either installing malicious code, or a variety of identity theft scams. One that’s been discovered locks users out of their phones before sending browsers to malicious sites.


Pokemon GO free PokeCoins? Don’t fall for it.

2: Free PokeCoins Scams
As we’ve said, Pokemon Go is a free app, but the company will sell you PokerCoins from within the game itself. That’s how they make money.


In this scam, the criminals have created surveys offering free PokeCoins. Once the user clicks on the scam site, they are asked for their Pokemon Go username and the amount of coins they want.


These sites then require Pokemon Go users to go through a verification process, which includes completing a survey form, installing few applications or signing up for additional services. While user data may not be getting compromised here, the scammers are collecting private details about your identity through the variety of questions by different sites they route you through.


In a different variation of the Free PokeCoins scam, cybercriminals created and launched malicious mobile apps, such as Guide and Cheats for Pokemon Go, which automatically installs malware on your phone. Although this particular app was reported and removed from the store, we expect you’ll be able to find it and variations of it on other websites.


I’m sure it won’t be long before players start seeing ads and websites claiming to offer “free” Pokeballs, Lucky Eggs, Incense and other in-game items. Don’t fall for them, they will be scams too.

3: More cheating strategies
Because a lot of players are lazy, they want to take the easy way to reach their goals. Meaning they’ll cheat. Pokemon Go users have been found spoofing GPS location data, sticking their mobile device to toy trains, dogs, ceiling fans or even drones to trick the app to think the user is moving (a game requirement).

The danger is when the cybercriminals offer you --via third parties that look legitimate-- GPS spoofing tools, but with remote location trojans programs to gain control to your device.

4: Pay For Upgrade Scam

An official-looking phishing email (don’t they all look official?) is still circulating around the world claiming to be from Niantic Labs offices. The email, announces that Pokemon Go will begin to charge $12.99 a month to use the full version. The content reads: "We regret to inform you that due to the overwhelming response to our new Pokémon Go app and the need for more powerful servers we can no longer afford to keep your account as free”.

The email also informs you that Nintendo will “freeze accounts in 24 hours if users do not upgrade through their app store.".

This scam is designed to steal money and your identity information from unsuspecting victims, another indicator that scammers continue to change tactics to match the times.

5: Pokemon Go Cheats and Hacks
I really wish we didn’t have to remind people that any website that offers players a way to cheat or hack the game I S S U S P I C I O U S! Most of these websites are honey traps for organized crime syndicates and scammers to get your money, infect your computer or steal your personal data. If you really have to, read our 10 online safety tips for Pokemon Go players below, and do careful due diligence on the website first.




Follow a Privacy Trap Trail for Fun

If you are into learning about some of the technical details of a very popular Pokemon Go phishing scam, you’ll enjoy this entertaining trail of a “privacy trap” scam called “Pokemon Go Hack Tool for free”, by Arsh Arora, a malware analyst and PHD student at UAB in Birmingham, AL.

Read it here Pokémon Go: An Invitation to Spammers


10 Online Safety Tips for Pokemon Go Players

1: Before downloading and installing any Pokemon Go-related apps, read reviews, and try to verify official versions where possible.

2: Use a unique and strong password when creating your player account, these sites are big targets for hackers. Niantic, Nintendo and the Pokémon Company's official Pokémon Go app could be just as vulnerable to attack from malicious cyber gangs it turns out, as a hacker group threatened to take the game offline on August 1.

3: Keep all your browsers up to date with versions and security patches. Same with your operating system. And your malware/antivirus software.

4: Back up your files monthly. If you get hit with a ransomware attack, you don’t have to worry about losing much data to hacks.

5: Google search for scam reports on any game hacks you are interested in.

6: Only add your personal information onto encrypted websites Look for https:// in the address bar.

7: Be leery of shortened URLs, like as Bitly that hide the website’s real URL destination. If you don’t know where a link will take you, don’t go there.

8: Research scam reports on any purported game hacks

9: Be cautious when buying anything online. If they only accept bitcoin, back away.

10: Back up your files regularly. If you get hit with a ransomware attack, you’ll be glad you did.


Final word: If you discover that you’ve been the victim of a Pokemon Go (or any) scam, whether at home or at work, please tell your company’s IT department immediately. I’m sure they’ll want to help remove or mitigate any potential damage before your jacked device or poned information can harm the company.

The Top 4 Technology Issues Every Business Must Pl...
Is Email Phishing Unstoppable? Just don’t rely too...

Related Posts

By accepting you will be accessing a service provided by a third-party external to https://www.netcotech.com/