Malware Madness has led to a big increase in phishing attempts and other forms of basketball-connected malware. We are seeing a startling number of sites purporting to be places where you can create brackets, read up on the teams, or stream live video. But they aren’t all what they seem…

Here’s what you need to watch out for when it comes to March Madness malware.

Spearphishing

Emails have been circulating that directly target folks who are already participating in their March madness brackets. Beware of these and use common sense:

  • Make sure you recognize the sender
  • Check to see if things are spelled correctly
    Malware Madness Bracket
    • LinkedIn
  • Make sure they aren’t asking for personal or financial details
  • Hover over any links in the email before clicking on them – make sure the link it to the website you expect

When in doubt, report as spam and log into your bracket website directly. Definitely don’t click on links or download attachments if you suspect phishing or anything feels “off” to you.

Bait-and-Switch

Want to catch the games live online? Beware: Some cyber criminals are setting up video players where they purport to be streaming the games, but will instead try to load malware onto your device. In some cases, criminals will post links on forums or social media sites where they claim you can watch the game.  You’re better off watching it on TV, on the NCAA website or skipping it altogether; live-streaming isn’t legal in many cases, and odds are pretty decent you could run into nasty malware.

Betting Sites

Before you enter that credit card number to place a wager on your well thought-out bracket, you want to make sure that the website is legitimate and not going to steal your money. The best way to make sure a site is real is to check the URL. If anything looks funny or misspelled, best to stay away. Stick to sites you are familiar with, and if you have even an inkling that something is wrong, don’t disclose financial or personal information.  If the website does not have a valid SSL certificate and it does not have the lock icon next the word Secure, that could also be a giveaway that something is suspicious.

Search Results

Search Engine Optimization (SEO) is a game like any other, and cyber criminals are getting pretty good at it.  If you Google “March Madness bracket,” at least one of the results that pops up will direct you to a malware-infected site. The Fortify security team is tracking these sites and adding them to our blacklist. To steer clear, make sure to only visit reputable sites.

Bandwidth Consumption

Bandwidth is an issue that many businesses should be watching out for. While excessive bandwidth consumption may not be indicative of malware, if you see that your office’s network is streaming way more video than usual, you may want to discourage your employees from in-office game viewing (or block it altogether). This can slow down your network for everyone and obviously isn’t ideal for productivity.

Malware Madness: Be Safe Not Sorry

While it’s good to keep yourself and the other users on your network educated about the dangers of malware attacks related to national events like March Madness or other sporting events, it’s an even better idea to install a safety net that will ensure no attacks succeed.

With a tool like Fortify Phishing Protection (FP2) on your side, you don’t have to worry about your users clicking a bad bracket-betting link or trying to stream the games from a compromised site. FPwill protect your entire network from the threat of malware.