Thu | Mar 21, 2024 | 6:12 AM PDT

As the March Madness NCAA basketball tournament captivates fans across the country, cybercriminals are gearing up with their own game plan—to capitalize on this period of heightened online activity and distraction. Between checking scores, streaming games, participating in office pools, and inevitably some placing of bets, users will be presenting an abundance of new openings for threat actors to attack.

"March Madness is a prime opportunity for cybercriminals to deploy phishing lures, malicious apps, and social engineering tactics," warns Krishna Vishnubhotla, VP of Product Strategy at mobile security firm Zimperium. "The emotional investment and spike in online activity create a perfect storm that organizations need to protect against."

Phishing schemes

One of the biggest threats is phishing, where fraudulent emails, texts, or social media messages impersonate legitimate sources like sports sites to steal credentials or personal data. These may appear to contain updates, links to live streams, or opportunities to get in on office pools or online betting.

"Don't click on suspicious links or attachments, especially anything related to fantasy sports or betting," cautions Darren Guccione, CEO of Keeper Security. "Scammers may even impersonate athletes, friends, or family claiming to need money for tickets or bets."

Malicious apps and websites

In addition to phishing lures, users need to watch out for fake websites, mobile apps, and browser extensions purporting to offer scoreboards, livestreams, or special betting opportunities. These can be vehicles for delivering malware, committing fraud, or harvesting valuable data.

"Cybercriminals rapidly create fake March Madness-themed sites and apps to steal credentials for future attacks on companies," says Patrick Harr, CEO of anti-phishing firm SlashNext. "Users must be extremely cautious about what they install or login to."

Securing your defenses

So how can organizations and individuals stay secure while still enjoying all the tournament action? Cybersecurity experts recommend:

  • Only using verified, reputable websites and mobile apps for any sports streams or betting activities
  • Enabling multi-factor authentication and using password managers or passwordless options
  • Installing mobile security solutions to detect malicious apps and phishing sites
  • Providing security awareness training on risks like social engineering during this period

"With so many remote employees now, it's critical they understand digital hygiene basics like spotting phishing attempts and avoiding suspicious links or apps," advises Jason Soroko, SVP of Product at certificate company Sectigo.

As March Madness unfolds, users will need to apply a full-court press defense against ever-more sophisticated cyber threats. A little extra vigilance can go a long way in keeping the tournament experience an enjoyable one.

Follow SecureWorld News for more stories related to cybersecurity.