It’s that magical time of year that excites serious and even casual basketball fans. During March, the NCAA organizes their annual college basketball tournament that features 68 teams from various universities and colleges across the country, who compete in a single-elimination tournament to determine the national champion of men’s college basketball. It’s called March Madness because of the excitement, intensity, and the fact that any team, regardless of school size, has a shot to win and upset higher ranked teams.
The tournament has a rich history and has produced many memorable moments. It’s one of the most watched and anticipated sporting events of the year, and is famously known for tournament brackets where fans can pick teams, earn points, and win office pools, money, and prizes. You don’t have to be a diehard basketball fan or have expert knowledge to play in bracket games, because anything can happen.
During the week of the event, it’s not uncommon for emails to be sent to friends and co-workers with embedded links to locations where participants can view and play in tournament bracket pools. The tournament kicks off on the last two business days of the week on Thursday and Friday. This is a prime environment for cybercriminals to take advantage of phishing opportunities and can put companies at risk if employees are using work computers to compete.
Phishing is a common tactic used by cybercriminals to steal sensitive information, such as login credentials and credit card numbers, from unsuspecting victims. With the NCAA March Madness being a popular event, cybercriminals may take advantage of the hype and use it as an opportunity to launch phishing attacks.
Cybercriminals are known for using any major event or tragedy that has captured the attention of the general public as bait for attacks. They are known for exploiting human behaviors and tendencies by using trust, desire, curiosity, and fear to get someone to act. While people are caught up in the excitement of the games and their brackets, criminals will be attempting to steal your credentials, lure you into fake websites, inject malware, and possibly deploy ransomware that could wreak havoc on you or your organization. With increased interest from users, emails, links, and other communications related to the event, it’s easy to accidently click on a malicious URL or attachments.
As you participate in the fun, remember the following tips so you can reduce the risk of falling victim to phishing during the NCAA March Madness tournament or any other popular event:
- Verify the sender and legitimacy of emails. Make sure to check the name AND the domain address to verify its someone you know.
- Make sure if you are CCed on the message, you personally know the other people the message was sent to.
- Hover your mouse over hyperlinks to verify the site you are being taken to is not a different website and be wary of spelling and grammar errors, strange requests, and fake links.
- If you are suspicious, don’t download or click on any attachments “just to see what it is”.
- Look for signs of a secure website: Before entering any sensitive information, make sure the website is secure. Check for the “https://” in the URL and a padlock icon in the browser’s address bar.
- Use two-factor authentication: Two-factor authentication adds an extra layer of security by requiring a second form of identification, such as a code sent to your phone, before allowing access to your account.
- Keep your software up to date: Keep your operating system, browser, and antivirus software up to date to ensure that you have the latest security patches and protections.
- Use strong and unique passwords: Use a different password for each account and make sure it’s a strong password with a mix of letters, numbers, and symbols.
The biggest way to prevent an attack is to educate yourself and your workforce on how phishing works, how to recognize, and how to avoid phishing attacks.
At CatchMark Technologies, we specialize in providing training to help people and employees stay informed about the latest scams, security threats, and strengthening their ability to identify Phishing attempts. We also provide simulated Phishing exercises to allow for employees to practice, fail safely, and learn from mistakes. For more information, reach out to see how we can help!