Pokemon Go Spam Message Campaign

Over the last few weeks Niantic’s location-based augmented reality game Pokémon GO has rapidly become something of a world phenomenon. It is now one of the world’s most popular mobile applications – recently reaching over 100 million downloads. While this explosion in popularity may be good for the developers of the game, it makes fans of the game far more vulnerable to cybercrime. At AdaptiveMobile, we are used to seeing spam that is topical and in line with current affairs. Anytime an issue captures the public’s attention spammers will often try to capitalise on this popularity by sending spam containing content related to that issue. For example, after the recent “Brexit” referendum in Britain we observed lots of “Brexit” spam (which played on the fears of many of the economic effects of Brexit). Similarly, since the release of Pokémon GO we have seen a lot of spam related the app.

Brexit Spam

“Forget Brexit,I WILL MAKE YOU $100,000 IN THE NEXT DAYS!Or I’ll pay you $10,000! [url=][/url] SupportOurCause: [url=][/url] ReplyToStop “

“Look Adison, Here Is a Ridiculously Simple Way That Canadians Can Make 734$/Day After The Brexit! [url=][/url]”

Millionaire club screen linked from Brexit related SMS spam, claiming the user can get free access to millionaire's society Scam phishing page featuring woman holding dollar bills and advertising a draw for $45 million dollars


The largest Pokémon GO SMS spam campaign we observed were messages sent to subscribers trying to entice them to visit a website called Thousands of SMS messages containing a URL to this website were sent to North American subscribers. The website is a sophisticated phishing site that closely mimics the real Pokémon GO site. It claimed to provide the user with additional features to the game if they refer 10 of their friends (likely to spam them as well). This website is no longer active and has been flagged as a phishing site.

Pokemonpromo SMS Message

Pokemonpromo Landing Page

Pokemonpromo phishing site Landing Page closely mimicing official Pokémon site

Another Pokémon GO spam campaign offered 14,500 Pokecoins (a type of virtual Pokémon GO currency used for in-app purchases) when you collect 100 points. The messages contained google URL shortened links leading to multiple spam web sites – some of which were Pokemon GO related and others which weren’t. A similar campaign offered a giveaway of Pokecoins on a web site called pokemon.vifppoints.xxxx (and other variations of this URL), where it also prompted visitors to the site to share it with five of their friends. A phishing website called “Pokemon Generator” attempts to lure Pokemon GO users to give their login details so that Pokecoins can be added to their accounts. Links to these sites aren’t only being distributed by SMS – they have appeared on social media sites and Pokémon forums as well.

Pokecoins SMS Spam Messages

Pokemon Go themed scam SMS message offering Pokecoins if the user clicks the link Scam SMS messsage offering coupons for Poképoints

Pokecoins SMS Spam Landing Pages

Pokecoins SMS Spam Landing Page This is your chance to win new iPhone 6s scam advertisement, featuring iPhone 6s and options to choose colour Landing page for Pokécoins generator phishing page featuring a pokéball


It is likely that we will continue to see Pokémon GO spam for some time – at least until the hype around the app recedes. Until then users of app should apply caution when visiting web sites containing content about Pokémon GO. Be wary of any of any unsolicted SMS messages you receive mentioning the app – particularly if the message contains a URL as this may lead to a phishing web site or a site containing malware.

Thanks also to Mallesham Yamulla for research and contribution to this blog.

Related insights

Mobile World live webinar: Diary of a CISO

Watch Webinar Recording: Diary of a CISO – Building a Resilient Telecom Organization

Read more

Tags: MNO, Mobile Security

Storm-0539 Cybercrime Gang: Microsoft Alerts Companies of Gift Card Fraud From Moroccan Hackers

Read more

Tags: SMS, SMS scam

Infosecurity Magazine logo

Cyber-criminals Exploit Cloud Storage for SMS Phishing Scams

Read more

Tags: SMS scam

Enea in Mobile Europe

Cyber-criminals using AWS, Google and IBM services to steal data by SMS

Read more

Tags: SMS scam

Top Cloud Services Used for Malicious Website Redirects in SMS Scams

Read more

Tags: SMS, SMS scam