Pokémon GO Players Fall for Phishing Con

The sudden success of Pokémon GO has scammers cooking up ways to cash in on the app’s popularity. The latest is a phishing email that fools victims into thinking they need to pay for the game.

How the Scam Works: 

You receive an email addressed to Pokémon GO players. The message reads: “due to the overwhelming response to our new Pokémon GO app and the need for more powerful servers we can no longer afford to keep your account as free.” The developers are now charging $12.99 a month, and your account will be frozen if you don’t upgrade.

The email urges you to click a link, log in to the app store and purchase the “full version.” Don’t do it! The log-in form isn’t run by an official app store or Ninatic Labs, the game’s developers. It’s on a third party site, and it is a way to steal users’ passwords.

Unfortunately, this is not the only Pokémon GO scam out there. Before the app launched, scammers lured victims with the promise of getting early beta test access to the game. Then, a fake version of the game appeared in some app stores. As long as the app stays popular, scammers will devise new ways to fool players. 

How to Spot a Phishing Scam:

Be wary of unexpected emails that contain links or attachments. Do not click on links or open files in unfamiliar emails.

Check the reply email address. One easy way to spot an email scam is to look at the reply email. The address should be on a company domain, such as jsmith@company.com.

Don’t believe what you see. Just because an email looks real, doesn’t mean it is. Scammers can fake anything from a company logo to the “Sent” email address. 

Consider how the organization normally contacts you. If an organization normally reaches you by mail, be suspicious if you suddenly start receiving emails or text messages without ever opting in to the new communications.  

Be cautious of generic emails. Scammers try to cast a wide net by including little or no specific information in their fake emails. Be especially wary of messages you have not subscribed to or companies you have never done business with in the past.

For More Information

Read Variety’s coverage of the scam on their website.

To find out more about other scams, check out BBB Scam Stopper (bbb.org/scam). To report a scam, go to BBB Scam Tracker (bbb.org/scamtracker). 

Enjoy Pokemon GO… with Caution

In just a few days, Pokemon GO has become the most downloaded phone app in the U.S. The app, which uses mapping software to create a virtual reality game, is getting children and adults out and about in their neighborhoods to “catch” the game characters as they pop up on phone screens from various locations.

Although the game can be a blast, BBB is warning players and parents to be aware of some nuances that go with GO.

Jim Gaffigan Phone

Expenses: It’s possible to play completely cost-free by winning “PokeCoins” (the app’s currency) through gameplay, but you can also purchase the coins through an in-app purchase. The longer you play, the more spending money you need to store and “train” your gathered characters. The app also requires constant GPS access, and it uses a lot of data. After playing for hours every day, consumers with limited data plans may find themselves with a hefty bill at the end of the month.

Privacy: In order to play the game, users must allow the app to access other applications, such as maps and camera. Many users sign in with a Google account, and that has caused some concerns about privacy. The Android version of the game only accesses limited data (such as the user’s email address), but the iOS version for the iPhone can access all Google data. Niantic, the game’s maker, says no personal information has been accessed, and it is issuing a bug fix to correct the problem. Users can create an account through the app itself rather than using an email address to access the game.

Malware: So far, the app is only available in the U.S., Australia and New Zealand, which has given cybercriminals an opportunity to capitalize on the demand. A malware version of the game has been found online; although no known infections have been reported. Users should only download the app through official app stores, not third-party sites.

Safety: Players should use the same safety precautions while playing the game that they would in any other outdoor setting, including caution in strange locations. A Missouri police department reported robbers using a secluded “PokeStop” location to rob unsuspecting game players. Players should be cautious as pedestrians and obey all traffic laws, and drivers should be on the lookout for children who may be distracted by the game. The app also drains phone batteries, so users should be careful not to get stranded far from home.

Infringement: PokeStops are supposed to all be on public property (or cooperative private sites), but at least one homeowner has reported that his historic house is mistakenly a PokeStop. Players should be respectful of others’ private property. Future commercial opportunities are anticipated, where stores can offer rare or unique characters to add to the game.