March Madness brackets are about to be set this weekend, and over the course of the next four weeks more than 11 million viewers will tune in to watch the annual college basketball tournament. It’s a favorite of Vegas bookies and b-ball fans alike—but perhaps we should rename it March Hackness.
March Madness is a time for alliteration (Selection Sunday, Sweet Sixteen, Final Four)—but mostly, it’s a time for betting. It is widely common for friends, coworkers, family and pretty much everyone to want a piece of the action. In fact, Grandma might be wagering on which universities and colleges will have teams selected to be a part of the 68-team field as we speak. It’s shocking—simply shocking—what happens to otherwise upstanding citizens during this time of year. It’s In all, Americans are expected to front up $9.2 million in bets around the tournament.
True to the digital age we live in, most of these frenzied sports bettors will be turning to online sources to help them in their efforts—either to partake in online betting or to swap information that could be used to evaluate where to place those bets. It’s a tradition as timeworn as cement shoes in Mob-land and the exponential and baffling proliferation of baseball fans in October.
But there’s trouble, folks, right here in River City.
“Do fans actually know who is emailing them bracket information? Do they know the organization hosting the webpage where they submit their bet?” intoned Wombat Security, in an email imbued with dark warning. “Hackers are aware of this and use large events such as March Madness to their advantage by producing phishing emails and creating targeted advertisements aimed at obtaining your information.”
It added, “Hackers can use the hype to target millions on fans through online advertisements made to look like legitimate sites for bracket creation and betting. Others use phishing to get you to willing submit valuable information. Now they have your credit card information and a slice of the Americans are expected to wager on March Madness this year.”
What makes things even more intriguing to hackers is the fact that it’s the only major sporting event in the US that traditionally falls during our business day. So, even those who participate in viewing and playing in the innocuous-seeming office pools, are susceptible to a variety of security threats.
Don’t get conned—let’s keep this annual tradition of willingly parting with our money clean, shall we?
A few things to watch out for, whether you have a chunk of change just sitting there in your bank account waiting for its field-goal attempt, or if you’re just a super-fan, include rogue March Madness apps that promise score and bracket updates but also deliver advertising and malware; drive-by and download and install malware infections from March Madness-related sites, both legitimate and spoofed; phishing attacks targeting users following their March Madness brackets on popular sites such as ESPN, CBS Sports and Yahoo; malware masquerading as video players that will allow the user to stream the games; links posted in forums, comments and social media that promise March Madness info or streams, but only direct the user to an infected site; and a large influx of fake betting sites used to grift the credit card info of unsuspecting users.