The hype surrounding March Madness will increase daily, followed by a surge in cyber attacks as the number of people participating in NCAA brackets and betting pools expands and fraudsters go on the prowl.
Cyber criminals are prepped for the hype and the excitement building around the NCAA basketball games by infecting emails with malware, creating fake betting websites and increasing phishing attacks. As millions of Americans fill out tournament brackets as part of their office pool, more phishing attacks and financial scams will occur.
"First of all, you should avoid emailed requests to participate in polls, surveys and contests related to March Madness unless you know that you personally signed up to be a part of such things," said Nathan Wenzler, chief security strategist at AsTech, a San Francisco-based security consulting company.
Some fans are taking the opportunity to place bets and want to cash in on the annual tournament through online betting options and apps to generate additional funds.
While ardent enthusiasts may enter numerous tournament brackets, players should type the website's address directly into their browser.
"Phishing emails may eventually forward you on to the right site, but they can simply take over the session to direct you to other sites that download ransomware or malware to your system before they forward you along," said Wenzler.
The number of apps that are available will also rise.
"By participating in March Madness betting, you are quite likely providing important credentials about your own identity to an app developer or website owner that you might not trust or be able to verify," said Joram Borenstein, vice president of marketing at NICE Actimize, a Hoboken, N.J.-based financial crime software solutions provider.
Hackers are also seizing the occasion to cash in on online bets and phishing scams.
"March Madness is back and with it comes a great opportunity for cyber criminals who are intent on making some quick cash," said Steve Durbin, managing director of the Information Security Forum, a London-based authority on cyber, information security and risk management. "Did you really place that bet and have you really scooped the pot?"
Fraudsters will lure unsuspecting or novice gamblers in with corrupt alerts and websites, even with claims of new winnings.
"The number of 'winners' over the next couple of weeks will be pretty astonishing, however, just be sure you're on the right side and don't end up becoming another statistic on the losing side," he said.
The number of emails individuals receive will also surge and fans should look for warning signals such as an embedded link or attachment.
"Email infection, fake betting websites and traditional phishing attacks are all expected to have their day in the sun," Durbin said. "It is far better to use a well-known brand or one you have used in the past."
The scams perpetrated by cyber criminals are not new ones, said Dan Lohrmann, chief security officer at Security Mentor, a Pacific Grove, Calif.-based provider of security awareness training.
"It is not going to end anytime soon," he said. "If you don't fall for some of these tricks during March Madness, another major event is right around the corner."
These trends will continue even after millions of people stop watching the March Madness games, said Lohrmann.
"Make sure you are properly trained on how to spot a phishing attack and other online tricks that you might fall for," he said. "Organizations need to provide security awareness training in an easy-to-understand, interactive format in order to enable real behavior change in their employees."
Hackers are playing a cat-and-mouse game with anti-virus and anti-malware companies, but neither side leads for very long, said Ajay Menendez, executive director of HUNT Analyst Program at SecureSet, a Denver-based immersive cybersecurity academy.
Another way criminals trick basketball fans is smishing, a method similar to phishing in which they send a text message with a malicious link to install malware on your smartphone.
"Once you arrive at their malicious site, it may look normal or shoot up pop ups that hide themselves and then install malicious code on your smartphone, tablet or computer," he said. "They look to trick you and get you to install their malicious code without you even knowing you did it."
The scam artists prefer this strategy because once you actively click on these links, you are "requesting this outbound connection and the security systems may or may not be able to protect you at that point," said Menendez.
After cyber criminals have infected your device, they can access your bank account or encrypt your files and hold them for ransom.
"They could utilize your system as part of a large zombie army and resell that as a paid service to others, which is called a botnet," he said.