If breathlessly watching the best college basketball players in the country vie for the national championship in a breathless whirlwind of games this month and worrying over brackets, aren't enough, fans must now consider the prowess of cybercriminals who likely will bring a little March Madness of their own to bear.
“March Madness is back and with it comes a great opportunity for cybercriminals who are intent on making some quick cash,” said Steve Durbin, managing director of the Information Security Forum. “Email infection, fake betting websites and traditional phishing attacks are all expected to have their day in the sun.”
Like any other major sporting event that draws millions of viewers, March Madness will attract bad actors trying “to make money using time-tested, fraudulent means,” said Dan Lohrmann, chief security officer at Security Mentor. “These online trends almost always play out before, during and after the events take place. Cybercriminals are completely prepared for the excitement and hype surrounding March Madness by infecting emails with malware, creating fake betting websites and growing the number of phishing attacks they carry out.”
For the most part, bad actors are out for money, according to Ajay Menendez, executive Director, HUNT Analyst Program at SecureSet, smishing or phishing potential victims to install malware and eventually tap bank and other accounts. “There are many other actions they can take to either directly or indirectly score these criminal actors money, said Menendez. “They could simply encrypt your files and then hold you for ransom, ergo ransomware. They could utilize your system as part of a large zombie army and resell that as a paid service to others.”
Fending off cybercriminals should be a slam-dunk for fans who take precautions to protect themselves, the pros said. “First of all, avoid emailed requests to participate in polls, surveys and contests related to March Madness, unless you know that you personally signed up to be a part of such things from a known, and reputable, site,” said Nathan Wenzler, chief security strategist at AsTech. “Unsolicited appeals to sign up and provide information may be efforts to steal your personal information. Likewise, never click on links or attachments in emails. If you're involved in a tournament bracket, enter the site into your browser directly.”
Durbin cautioned March Madness enthusiasts to “think before you click – does the email look real? If it has an embedded link or attachment, those are the first things that should set off warning signals. Is this a site that you've seen before?” He explained that “it is far better to use a well-known brand or one you or colleagues/family/friends have used in the past. Did you really place that bet and have you really scooped the pot? The number of “winners” over the next couple of weeks will be pretty astonishing, however, just be sure you're on the right side and don't end up becoming another statistic on the losing side.”