For fans of NCAA Men’s Basketball, there may be no greater sign of spring than Selection Sunday. Now that the matchups have been announced, the madness of March can begin — cue the filling out of brackets, the submitting of personal information and online transferring of money for betting purposes.
But for hackers, this time of year can often provide some pretty big pay days — at your expense. Social engineering scams like phishing emails, imposter websites, and malicious links and ads are just some of the tactics used by cyber criminals during this popular sporting season.
So if you are a member of bracket nation, consider this piece of advice: Whether you are a purist (i.e., a one-bracketer) or more buckshot in your approach (more entries = more chances to win, after all), the biggest bracket buster of them all is falling for a social engineering scam that compromises your data and/or puts your devices (and your money) at risk.
When fighting social engineering scams, the best advice is to assess potential risks and react appropriately. Here are three key things to look out for this March (and all year long):
- Phishing emails – Beware of unsolicited emails that prompt you to act without thinking. Scammers will use a variety of tactics to make this happen: the promise of a great prize; notice of an account error, payment problem or unauthorized access; or another hook that plays on your emotions and makes you feel compelled to click a link, submit your data or download a file. If you’re at all unsure of the source of an email, the safest thing to do is avoid it.
- Imposter websites – It’s highly likely there are sites out there masquerading as legitimate sources for bracket contests, tournament information and NCAA goods. Just because a website looks safe on the surface doesn’t mean it is. Logos and designs can be easily mimicked. If you aren’t familiar with a site, avoid sharing personal details, entering credit card data or downloading files. It’s always safest to stick with a known, trusted entity.
- Malicious links, ads and apps – How many clicks do you think a fake story about a #16 seed beating a #1 seed would get? How about an ad promising a $1,000,000 payout for a perfect bracket? And how many mobile users might download an app that promises to give insider tips and up-to-the-minute game tracking? Hackers and social engineers plant these sorts of stories, ads and applications online and within social media in order to trick unsuspecting users into downloading malware or ransomware, turning over financial data, or granting access to their mobile devices. Don’t fall into these traps.
At Wombat Security, we constantly work to improve security awareness and training for organizations and individuals. We urge everyone to make it a habit to stop and think before you act — whether on a work or a personal device. If something seems off, trust your instincts. Hackers use large events like March Madness to their advantage; being more aware of their playbook can help you avoid giving them the upper hand.