The March Madness phishing emails are hitting inboxes now, and they can trick your employees and potentially impact your network.
They also come in a lot of different flavors, according to SecureWorld keynote speaker Dan Lohrmann, CSO of security awareness company Security Mentor.
"Cyber criminals are completely prepared for the excitement and hype surrounding March Madness by infecting emails with malware, creating fake betting websites and growing the number of phishing attacks they carry out."
A lot of the InfoSec leaders we interview talk about opportunity to make security personal. This seems to be one of those times where a national event can help you raise awareness of the risk.
Here are some tips you can pass along to your staff or even family, because most phishing campaigns around an event cast wide nets.
Steve Durbin, managing director of the Information Security Forum, has some good advice.
"If it has an embedded link or attachment, those are the first things that should set off warning signals. Is this a site that you’ve seen before? It is far better to use a well-known brand, or one that you or colleagues, family, or friends have used in the past. Did you really place that bet and have you really scooped the pot? The number of “winners” over the next couple of weeks will be pretty astonishing, however, just be sure you’re on the right side and don’t end up becoming another statistic on the losing side."
None of us like it when our brackets go bust. But to have a losing bracket and be a victim of phishing?
Think of that as a case of double elimination!