Threat Management, Malware, Network Security, Phishing

With March Madness in full swing, online scams go for the steal

Alley-OOPS! March Madness fans scouring the web for bracket contests and live game streams may instead find themselves all fouled up by online scams, Zscaler reported in a blog post this week.

The cloud-based security company reported a sizable spike in malicious activity related to sporting events between March 4 and 21, with a huge jump on March 18 and 19 – the first weekend of the NCAA Division I Men's Basketball Tournament. Observed malicious activity included phishing pages, adware downloads, improper handling of user data, and attempts at domain squatting.

For instance, after querying "NCAA free streaming" on Google, Zscaler researchers observed one search result that directed visitors to a site that tries to trick visitors into downloading a browser hijacker that modifies the user's homepage and redirects searches. At the time, the site (ifirstrowus[.]eu) was ranked fifth among Zscaler's Google search results.

Another website observed by Zscaler supposedly provides free streaming access to ESPN. But clicking on its streaming link sends users to a site full of ads featuring fake "close" buttons. Attempts to close out these buttons results in a prompt to download a Potentially Unwanted Program known as ReimageRepair.

Zscaler also reported finding URLs that use domain squatting tactics designed to trick visitors into thinking they're clicking on sports sites run by CBS, ESPN or Fox.

"Domain squatted addresses can be used to host phishing webpages, which look like genuine websites, but steal user credentials and other information," the blog post explains. "They can also be used as mail server domains to send out spam emails."

Finally, Zscaler warned about unofficial third-party NCAA bracket game sites that ask users to create log credentials. Some of these sites transmit this data in the clear, leaving the information vulnerable to sniffing attacks. "Since users commonly set the same login credentials for multiple websites, the attackers might gain access to users email accounts, bank accounts, tax preparation accounts etc." Zscaler warns.

Bradley Barth

As director of multimedia content strategy at CyberRisk Alliance, Bradley Barth develops content for online conferences, webcasts, podcasts video/multimedia projects — often serving as moderator or host. For nearly six years, he wrote and reported for SC Media as deputy editor and, before that, senior reporter. He was previously a program executive with the tech-focused PR firm Voxus. Past journalistic experience includes stints as business editor at Executive Technology, a staff writer at New York Sportscene and a freelance journalist covering travel and entertainment. In his spare time, Bradley also writes screenplays.

Related

Record low ransomware payment prevalence observed

Only 28% of ransomware attack-hit organizations have fulfilled their attackers' extortion demands during the first three months of 2024, which is the lowest on record, potentially due to increased protective measures and mounting legal concerns stemming from paying such demands, BleepingComputer reports.

New tool used in China-linked attacks against Asia-Pacific

Intrusions with the Waterbear backdoor and its updated variant dubbed "Deuterbear" have been deployed by China-linked threat operation BlackTech — also known as Earth Hundun, Manga Taurus, Circuit Panda, Temp.Overboard, Palmerwom, Red Djinn, and HUAPI — against government, research, and technology organizations across the Asia-Pacific, reports The Hacker News.

Related Events

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.