The popularity surrounding March Madness and fans participating in NCAA brackets makes diehard and casual college basketball and betting fans easy targets for cyber criminals.
Fraudsters are on the prowl as betting pools launch and discussions about which universities and colleges will advance in the NCAA tournament increase.
DON'T MISS: Hackers, Phishing And Scams Prepped for the Super Bowl
Consumers and employers should expect a surge in cyber attacks during the next few weeks as the matchups for the games will be announced on March 12.
Fraudsters Learn Info From Social Media
Scammers are major fans of social media platforms because they can easily learn personal information about you or request money by simply impersonating a friend or family member.
Cyber criminals claim to be in urgent need of money to buy tickets or place bets on March Madness games or will even go one step further and impersonate the athletes themselves, Darren Guccione, CEO of Keeper Security, a Chicago-based cybersecurity software provider, told TheStreet.
Who Is In Your Bracket?
Fans should be careful about fake bracket contests promising large prizes to the winners.
"Once they collect your entry fee or personal information, scammers will disappear and the winners never receive their prizes," he said.
Scammers have a longer window of time to engage with and lure in victims during March Madness compared to other sporting events like the Super Bowl.
As more states have legalized sports betting, the number of gambling-related scams has also risen. Sports betting is legal in 33 states and the District of Columbia. Online betting is permitted in 24 jurisdictions.
Consumers dislike robocalls with a fervor, but fraudsters are big fans.
Scammers will reach out via robocalls or texts to offer false promotions for popular gambling platforms like DraftKings (DKNG) or FanDuel.
They entice potential unsuspecting victims with promises of winnings and bonuses and claims that they can pay to have artificial intelligence create a bracket for them that will guarantee winnings, Clayton LiaBraaten, senior executive advisor at Truecaller,a Stockholm-based caller ID and spam blocking app, told TheStreet.
Since the March Madness tournament is one of the year’s most popular events for betting like the Super Bowl, scammers will "no doubt look to leverage this opportunity" by using fake password resets so they can hijack millions of accounts, he said.
Expect Robocalls or Texts From Fraudsters
A scammer is likely calling you if the call does not have an authoritative Caller ID business name, LiaBraaten said.
"While it is not perfect, telephone carriers can indicate that an unknown number is likely spam which is based on its outbound calling patterns," he said.
The practice of using scam-based voice calls or voice messages to obtain sensitive information is commonly referred to as "vishing," a variation on "phishing" scams used on email.
"Since so many of these vishing scammers are based overseas, some signs that you might have received a spam call include broken English or in 'smishing' (SMS phishing) we often see misspellings in big brand names," he said.
If a call, text or email seems sketchy, avoid giving them any credit card or account information and avoid clicking on links and suspicious texts.
The tournament is an "attractive hunting ground" for cyber criminals because of the number of games that are played, Timothy Morris, chief security advisor at Tanium, a Kirkland, Washington-based provider of converged endpoint management, told TheStreet.
Even people who do not typically gamble might join an office pool - it is estimated that over 36 million adults will complete a bracket, he said.
"The NCAA tourney is prime time for attackers to play on the passion and emotion of college basketball fans," Morris said.
Success rates of phishing attempts where hackers try to obtain financial or personal information from emails are higher because we "tend to let our guard down when we are consumed by a major event," he said. "After all, it's not called, March Madness for nothing!"
Download Only Legit Apps
Mobile phishing attacks are on the rise - the number of phishing sites geared for smartphones increased by 50% over a three year period, according to the 2022 Global Mobile Threat report.
By 2021, 75% of phishing sites specifically targeted mobile users, JT Keating, senior vice president of strategic initiatives at Zimperium, a Dallas provider of mobile security solutions, told TheStreet.
"What’s more is that 66% of mobile phones used at work are employee-owned, creating a challenging environment for security teams to protect," he said.
Too many employees who look for alternative sources to participate in watching March Madness games could wind up accidentally going to malicious websites or download apps on their smartphones and tablets.
"Phishing, malware, and other attacks flourish during popular online events, such as March Madness and even one small mistake by an employee whose mobile device is connected to corporate data could cause chaos throughout an entire organization," Keating said. "It’s even easier for an attacker to spoof one of these organizations and convince someone to click on a link sent via SMS text message."
The smaller screens on smartphones could limit information visibility, reducing the ability of consumers to identify common red flags or attacks, he said.
"Once someone clicks on a link, their phone and all the information and data stored, processed or transmitted by that phone could be compromised," Keating said.
While managers may not want employees spending their time watching basketball games of their favorite teams, blocking sports streaming websites such as Fubo or Sling from a corporate VPN may just lead to more security problems, Guillaume Ross, deputy CISO at JupiterOne, a Morrisville, North Carolina-based provider of cyber asset management and governance solutions, told the Street.
"For companies where all traffic goes through a corporate VPN, I recommend making official streaming sites available out of the VPN rather than blocking them." Otherwise you wind up with "people searching for illegal streams that aren't blocked and might bring more security risk," he said.
Consumers should avoid clicking on messages that offer free or cheaper tickets or apparel that are often familiar to people who are sports or fantasy sports fans, but not to casual observers.
These phishing emails contain links or attachments that infect your computer with malware or lead you to a credential harvesting website, Mika Aalto, CEO at Hoxhunt, a Helsinki-based provider of enterprise security awareness solutions, told TheStreet.
