Scammers are capitalizing on the hype for March Madness with a bevy of malicious streaming sites and phishing scams, according to Lindsey O’Donnell at Threatpost. Researchers at Zscaler and SlashNext discovered dozens of phishing domains registered in the days before the tournament began, with new sites popping up each day.
While unofficial streaming sites aren’t known for offering pleasant user experiences, many people are unaware that scammers use these sites to push adware, scareware, credential stealers, and other types of scams.
O’Donnell says this is particularly concerning for organizations, since people often try to access these sites on their work device or network. Scammers also use phishing emails to entice victims into joining fraudulent tournament bracket pools.
Mike Banic, vice president of marketing at Vectra, told Threatpost that “interest in March Madness is so broad that cyberattackers don’t even need to perform much social engineering to hook their phish.”
Atif Mushtaq, CEO of SlashNext, told Threatpost that many of these sites are still live. He added that attackers still manage to reach their victims, in spite of improved technical security.
“March Madness, like other major sporting events, are prime opportunities for phishing scams, especially credential stealing and credit-card fraud,” Mushtaq said. “Browsers have become quite secure and are getting more so all the time. With improved software design and regular automated patching, zero-day browser exploits are getting rarer, but that doesn’t mean legitimate-looking phishing sites aren’t getting through to their intended targets.”
High-profile events are always attractive targets for fraudsters. New-school security awareness training can teach your employees to avoid these scams and to never enter their credentials or financial information on an untrusted website.
Threatpost has the story: https://threatpost.com/march-madness-scams/143339/