For many, March signifies the spring equinox, daylight savings, and the celebration of St Patrick’s Day. For American sports enthusiasts, however, one event sits at the forefront of their thoughts – March Madness. Sadly, as with many high-profile sporting events, opportunistic cybercriminals also anticipate the event.
March Madness centers around the NCAA Division I Men’s and Women’s basketball tournaments and features 68 teams in a single-elimination format that narrows down to crown four champions by the end of the month. It certainly provides drama on the court – but how can supporters and organizations avoid unnecessary upset off of it?
Action and Opportunity
March Madness is one of the most-watched sporting events in the US because of the high-stakes format, the sheer volume of games, and the fact that it’s the only major sporting event in the US where some games traditionally take place during business hours in the working week. The prospect of having a large audience seeking to obtain a coveted ticket, tuning in to watch the game, or looking to take advantage of promotional offers presents some juicy low-hanging fruit for cybercriminals.
Scammers often create convincing copies of event pages to promote fake ticket sales, setting up fraudulent websites or social media profiles claiming to sell legitimate tickets. Accounts or websites like these mimic legitimate ticket vendors by copying their branding and imagery while enticing fans with promises of dramatic discounts. Following payment, buyers either receive no tickets or get counterfeit ones with incorrect serial numbers or barcodes that are invalid for entry.
Not all apps or sites offering to stream games or provide related offers are legitimate; some are designed to install malware and steal data from mobile devices. This is of particular concern to organizations because, as some games are taking place during working hours, corporate networks may be impacted. If it all seems too good to be true, it probably is.
A Risky Wager
The American Gaming Association (AGA) has predicted that an estimated $3.1bn will be gambled by Americans during March. In addition to the advice detailed above relating to authentication, it is also essential that any betting sites you or your workplace pool intend to use operate security practices like multi-factor authentication (MFA).
Kaushik Devireddy, Senior Product Manager at Deepwatch, expects malicious actors will look to “craft phishing emails and notifications for bonus bets impersonating betting platforms with the imagery/likeness of March Madness players. Their goal with these attacks will be to gain access to betting accounts which contain deposited funds, as well as bank account linkages.”
Staying Safe
Cybersecurity experts are acutely aware of the threats accompanying March Madness and have some important advice to beef up your defense away from the court.
J Stephen Kowski, Field CTO at SlashNext, says: “Modern email security with real-time phishing detection can identify these threats at the point of click, protecting users whether they’re participating in office pools or exploring betting platforms.”
Chris Gray, a field CTO who also operates at Deepwatch, stresses the benefits of education and vigilance on the part of both organizations and individuals. He says: “Organizations (and end users in general) need to invest in awareness training and protection, be it agents, system policies, or preventative gateway controls, in order to minimize damage. Monitoring of credit, dark web activity, and other associated remote access means can help identify potential harm if the door was already left open.”
Enjoy Responsibly
Although this year’s winners on the court won’t be confirmed until the end of the month, we do know that March Madness presents a great opportunity for malicious actors. Familiarize yourself with basic security practices and ensure the authenticity of any online interactions in order to keep yourself in the game.
Adam Parlett is a cybersecurity marketing professional who has been working as a project manager at Bora for over two years. A Sociology graduate from the University of York, Adam enjoys the challenge of finding new and interesting ways to engage audiences with complex Cybersecurity ideas and products.
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.