As the hype surrounding March Madness increases and more people partake in NCAA brackets, especially at office pools, consumers and employers should be prepared for the surge in cyber attacks resulting in more phishing attacks and financial scams.
Cyber criminals are prepped for the excitement and hype building around the NCAA basketball games by infecting emails with malware, creating fake betting websites and increasing phishing attacks.
“Security professionals at organizations of all sizes are preparing for a surge of potential March Madness related cyber attacks through the beginning of April,” said Dan Lohrmann, chief security officer at Security Mentor, a Pacific Grove, Calif.-based security awareness training provider.
The problem of the rise in cyber attacks is compounded because many office pools pop up during this time, increasing the odds of malware infecting emails and software programs in the workplace.
“Nearly every aspect of any employee’s involvement with March Madness could easily open up the employee, as well as the organization to a number of cyber risks,” Lohrmann said. “Cyber criminals are well aware of the popularity of March Madness.”
Types of Attacks
Hackers are already spearphishing emails to millions of college basketball fans and even non-basketball fans who just want to take part in the fun of office pools. Employees who are downloading unauthorized apps onto their smartphones or tablets could have malware imbedded in them that could infect devices owned by the company.
The rise in the use of bandwidth to watch or merely monitor the games could slow down the office’s operational systems almost like a denial of service attack, Lohrmann said.
“It can be beneficial to all involved to find the time to watch the games together on a television in the breakroom and have a team building party,” Lohrmann said. “We need to remind staff of the importance of being alert for online risks that come at us every March.”
Hackers have been participating in March Madness across many devices for several years, especially ones which promise information on score and bracket updates, said Mark Parker, senior product manager at iSheriff, a Redwood City, Calif.-based provider of enterprise cloud security solutions.
As more people use apps to provide information, the amount of advertising and malware also rises substantially, especially among the rogue March Madness ones, he said.
“Pillagers hang out near the watering holes that draw the prey, because it is easier than hunting the victim outright,” said Parker. “March Madness is one major event which provides that easy-to-access watering hole for online criminals.”
Even legitimate websites which are downloaded and ones which are spoofed are infected with malware. Hackers are increasingly targeting users on popular, well-known websites such as Yahoo, CBS Sports and ESPN with phishing attacks.
Malware can also infect software and devices when it masquerades as video players which allow the user to stream the games, said Parker.
A large influx of fake betting sites has been created in order to “grift the credit card information of unsuspecting users,” he said.
Even links posted in forums, comments and social media which promise information or streams are not immune from criminals since they direct the user to an infected site, Parker said. Consumers should be even more alert during March and avoid clicking on links within emails from March Madness sites and type the URLs into the browser instead of copying it.