Pokémon Go, the viral mobile reality game, lures players toparks, landmarks and buildings – perhaps even credit unions. Somebusinesses willingly capitalized on the craze, which has raisedsecurity concerns.

The app, available through Apple and Google Play, launched a fewweeks ago and quickly began topping download charts in the UnitedStates, Australia and New Zealand.

“It is the first augmented reality game that has really caughtfire,” Mark McArdle, chief technology officer for the Canadiancybersecurity firm eSentire, said.

Reports claimed the game is poised to surpass Twitter's 100million daily logins.

“There is a huge fandom that is the initial/original base forPokémon, but what is unique is that we are seeing Pokémon Gotrending wildly, capturing those that weren't in the original fanbase,” Emily Mayben, marketing director for the $264 million,Gadsen, Ala.-based AlabamaTeachers Credit Union, shared. “Users may or may not go out andbuy Pokémon trading cards or collectibles, but what is important isthat they are engaging with the brand by playing the game.”

The goal of the free, popular game, released by the SanFrancisco-based Niantic, is to capture Pokémon creatures andnurture them so they will win battles against other players'Pokémons. Unlike past Pokémon games, which took place in afictional world, the new game is set in the real world and usessmartphones' geolocation capabilities.

Many locations received surprise visits from players while somebusiness owners decided to capitalize on their status as a PokéStopor Pokémon Gym location, which Niantic pre-determines. Pokémon Gohas a purchasable in-game item called a Lure Module, which attractsPokémon to a particular PokéStop for 30 minutes.

“When something like this happens, it is another reminder ofthe relevance of social media, e-services and mobile devicetools offered by credit unions,” Mayben said.

She pointed out society is engrossed by electronic platformofferings such as Snapchat, Instagram, Facebook, Yelp and nowPokémon Go.

“Thus, this is where our members/potential members are.”

Mayben said the game should serve as another reminder to creditunion marketers to engage people through these platforms andtrends. It also points to the importance of being able toadapt.

“Remember, social media was a trend 10 years ago,” she said.“Now, look how it is an integral part of how we market.”

Mayben added, “We have no idea if Pokémon Go will be around 10years or even 10 months from now. However, what we can learn fromPokémon Go is, let's be relevant and cognizant of what's going onaround us as marketers. Currently, Pokémon Go is a game with in-apppurchases. Time will tell whether ads become part of the platform.There is potential for businesses whose locations become Pokéstops,but credit unions need to consider risks involved in an influx ofPokéhunters being drawn to credit unions to search for virtualanimals.”

There are other risks, too. When the app was developed, theauthor said, there was an error that led to the game asking formore privileges than needed, McArdle said. In mobile apps, usersoften do not pay enough attention to the required permissions.

“With the Pokémon Go app, the developer quickly came up with anupdate that reduced the level of permissions,” McArdle explained.But it is still not clear if the developer forced users tore-authenticate the app through Google with a smaller set ofpermissions.

McArdle noted this is a great example of how accidently, orthough inattention, mobile device users become vulnerable to malware or fraud by granting apps access toeverything.

In addition, some requests, like access to GPS, seem very subtleor reasonable, but users should ask themselves if they want an appto know their location 24/7.

“You have to be a bit more skeptical and think through theimplications of what these applications can access,” McArdlesaid.

Predictably, the game became a target for attackers eager totake advantage of the trend, and soon after the official release, amalicious Pokémon Go app containing the remote-access toolDroidJack appeared.

Infected users received the malicious version by sideloading theapp, circumventing the Google Play store, and instead downloadingan Android application package format from the web, Amanda McAdoo,digital marketing coordinator at the Carlsbad, Calif.-basedcybersecurity firm ThreatSTOP, explained in a blog.

“Android users have been able to do this for quite some time bysimply changing their security settings, but this particularincident being attached to such a popular game has shined aspotlight on the loophole once again,” she said.

McAdoo also pointed out in 2012, a McAfee study found that morethan 60% of Android malware samples were from a family known asFakeinstaller.

“So you might be thinking 'I never download anything illegally,'but does the same apply for everyone in your organization?” McAdooasked.

She added the reality today is that people bring personal mobiledevices, which touch company networks, to work all the time, eventhough their devices might contain malware.

“The only way to be truly safe is to stop threats at the sourceby blocking them from reaching your network in the first place,”she said. “This Pokémon Go experience is a great example of howusers have to be careful on what application they allow to installon their mobile devices that they are using in the office as wellas their laptops.”

Join us at Credit Union Times' Fraud:Don't Let It Happen To Your Credit UnionConference October 11-12 in Dallas, where you will findthe latest tools and techniques for preventing fraud and databreaches; strategies for responding in the immediate aftermath andbest practices for restoring reputation, financial stability andinformation security. This two-day conference is designed forcredit union executives, boards of directors and those responsiblefor your credit union's cybersecurity policy. Registerto attend and save $150.