The cloud-based security company reported a sizable spike in malicious activity related to sporting events between March 4 and 21, with a huge jump on March 18 and 19 – the first weekend of the NCAA Division I Men's Basketball Tournament. Observed malicious activity included phishing pages, adware downloads, improper handling of user data, and attempts at domain squatting.
For instance, after querying "NCAA free streaming" on Google, Zscaler researchers observed one search result that directed visitors to a site that tries to trick visitors into downloading a browser hijacker that modifies the user's homepage and redirects searches. At the time, the site (ifirstrowus[.]eu) was ranked fifth among Zscaler's Google search results.
Another website observed by Zscaler supposedly provides free streaming access to ESPN. But clicking on its streaming link sends users to a site full of ads featuring fake "close" buttons. Attempts to close out these buttons result in a prompt to download a Potentially Unwanted Program known as ReimageRepair.
Zscaler also reported finding URLs that use domain squatting tactics designed to trick visitors into thinking they're clicking on sports sites run by CBS, ESPN or Fox.
"Domain squatted addresses can be used to host phishing webpages, which look like genuine websites, but steal user credentials and other information," the blog post explains. "They can also be used as mail server domains to send out spam emails."
Finally, Zscaler warned about unofficial third-party NCAA bracket game sites that ask users to create login credentials. Some of these sites transmit this data in the clear, leaving the information vulnerable to sniffing attacks. "Since users commonly set the same login credentials for multiple websites, the attackers might gain access to users' email accounts, bank accounts, tax preparation accounts, etc.," Zscaler warns.
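A defender-side check for the cleartext login problem described above, as an added example that is not from Zscaler or the original article: it parses a page's HTML and flags any form containing a password field whose submission URL is not HTTPS, including an HTTPS page that posts to an HTTP endpoint. The hosts and HTML are constructed samples, and the function and class names are assumptions made for this illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse


class LoginFormAudit(HTMLParser):
    """Record every form that contains a password field and where it submits."""

    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.action = None         # resolved action of the form being parsed
        self.has_password = False
        self.findings = []         # (submit_url, sent_in_cleartext)

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag == "form":
            # A missing or empty action submits back to the page's own URL.
            self.action = urljoin(self.page_url, attrs.get("action") or "")
            self.has_password = False
        elif tag == "input" and self.action is not None:
            if (attrs.get("type") or "").lower() == "password":
                self.has_password = True

    def handle_endtag(self, tag):
        if tag == "form" and self.action is not None:
            if self.has_password:
                cleartext = urlparse(self.action).scheme.lower() != "https"
                self.findings.append((self.action, cleartext))
            self.action = None


def audit(page_url, html):
    parser = LoginFormAudit(page_url)
    parser.feed(html)
    parser.close()
    return parser.findings

# Constructed sample pages (hypothetical hosts, not sites named in the report).
LOGIN = '<form action="{}"><input name="u"><input type="password" name="p"></form>'
SAMPLES = [
    ("http://bracket.example/signup", LOGIN.format("/register")),
    ("https://bracket.example/signup", LOGIN.format("http://bracket.example/register")),
    ("https://bracket.example/login", LOGIN.format("")),
    ("http://bracket.example/", '<form action="/search"><input name="q"></form>'),
]
if __name__ == "__main__":
    for url, html in SAMPLES:
        for submit_url, cleartext in audit(url, html):
            print("CLEARTEXT" if cleartext else "ok", url, "->", submit_url)
```

The check only inspects static form markup; credentials submitted by script need to be confirmed by watching the actual request in a proxy or browser developer tools.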