Researchers have seen an abundance of March Madness-related phishing scams.
These scams are a combination of fake domains and adware installers and other security threats. With the Final Four around the corner, researchers are asking college basketball enthusiast to becareful as cybercriminals take a pass at tournament viewers.
While security concerns regarding popular sporting events
March Madness have tipped off during work hours, which enables offices to be prone to attacks due to office streaming.
Tons of sport based sites offer streaming access, sometimes these sites are blocked by workplaces – causing a portion of viewers to click on alternative, sketchy sites that may contain adware or other types of malware.
These unofficial streams can lead to very severe security issues if left unnoticed.
This particular website (streamcartel[.]org) was registered one year ago during the NCAA tournament, and also uses other sporting events to further trick users into visiting the site, researchers said.
When the visitor clicks anywhere on the page of the
Phishing is another popular and easy way for attackers to attract March Madness viewers into handing over their personal data.
Interest in March Madness is so broad that cyberattackers don’t even need to perform much social engineering to hook their phish. These sites appear to look like legitimate high-quality sites with the end game to commit credit card fraud by taking advantage of gamblers caught up in the excitement.
Other tips to avoid March Madness-related phishing scams include:
- Ignoring emails to join tournament bracket pools from sites that users didn’t explicitly request to join.
- Always go directly to the site where users are managing their tournament bracket – instead of clicking on a link from another webpage or in an email.
- Never give out more information than users need to participate in the pool.