March Madness Can Be Used by Cybercriminals as a Ploy for Attacks

Malicious actors often exploit major events to target the general public. Events that attract a large audience can be used as a platform to distribute malicious emails, links, and other forms of communication. As March Madness approaches, security leaders advise organizations to educate their employees about the potential risks associated with phishing campaigns and scams.

Insights from Security Leaders

Jason Soroko, Senior Vice President of Product at Sectigo:

“It is crucial for employees, especially remote workers, to be aware of basic digital hygiene practices and to be able to identify social engineering attempts like phishing. All staff should be equipped to recognize and avoid malware, viruses, and phishing attacks, as well as understand the fundamentals of digital identity.

• Use reputable websites: When engaging in activities like online betting or joining fantasy leagues, it is important to stick to established platforms with strong security reputations. Always check for https:// in the website address bar.
• Limit sharing personal information: Only share essential information when necessary.
• Avoid suspicious links and attachments: Be cautious of clicking on links or attachments, especially in emails related to fantasy sports or online betting.
• Implement strong authentication: Utilize unique and complex passwords for online accounts. If possible, opt for services that offer multi-factor authentication or Passkey authentication for added security.

Krishna Vishnubhotla, Vice President of Product Strategy at Zimperium:

“As the NCAA March Madness Tournament draws near, there is a substantial increase in online activities related to office pools and online betting, escalating cyber risks. The heightened online engagement during this popular event makes it a prime target for cybercriminals. The emotional investment of fans creates an ideal environment for cyber threats, with fraudsters taking advantage of the surge in legitimate communications and the relaxed vigilance of individuals to launch scams and phishing attacks.

“Cyber criminals leverage phishing emails, malicious links, and fake betting websites and mobile apps during events like March Madness. Given the widespread use of smartphones for such activities, mobile users are often targeted.

“Key considerations:

• Beware of phishing scams: Be cautious of emails or messages that mimic legitimate tournament updates or betting sites, as they may aim to steal personal information or credentials.
• Avoid unsecured Wi-Fi networks: Using public or unsecured Wi-Fi networks for online activities can expose users to data theft.

“Organizations should educate employees about these risks, exercise caution with unsolicited communications related to March Madness, ensure device security, and verify the legitimacy of betting websites and apps. Deploying multi-factor authentication and mobile endpoint protection tools can enhance defense strategies against cyber threats during this period.”

Darren Guccione, CEO and Co-Founder at Keeper Security:

“Phishing and online scams pose significant threats to March Madness fans leading up to and during the NCAA Tournament. Cybercriminals may send phishing emails or text messages with malicious links or attachments disguised as tournament updates or brackets. It is advisable to avoid opening attachments or clicking on links from unknown sources. Scammers may also use social media to gather information or request money, impersonating friends, family members, or athletes. Fans should be wary of fake tickets and bracket contests promising grand prizes, as these are often ploys to collect personal information or entry fees without delivering on promises.

“To enhance security, it is recommended to use unique and robust passwords for each account. Passwords should be at least 16 characters long, incorporating a mix of upper and lowercase letters, numbers, and special characters. Consider using a passphrase instead of a single word for added security. Employing a secure password manager can assist in creating and storing complex passwords.”

Patrick Harr, CEO at SlashNext:

“With the widespread popularity of March Madness, cyber criminals capitalize on the enthusiasm surrounding the event. By offering fake sports-themed websites, free game streaming, private VPNs, contests, and browser extensions, cybercriminals lure fans into providing sensitive information or falling victim to fraud.

“The sophistication of phishing attacks is increasingly challenging for users to detect, particularly during popular events like the tournament. As March Madness approaches, phishing sites may emerge to harvest credentials for future attacks or financial fraud.

“Organizations should educate employees about potential threats, secure their devices proactively, and promote cautious participation in brackets and office contests. Utilizing real-time mobile and browser security solutions can further safeguard corporate assets from potential cyber threats.”