Who Hackers are Betting on for March Madness

The Cybercriminal's Final Four

Every year, March Madness is an enticing distraction for many employees. Whether your company embraces the championships as morale boosting or puts a halt to distractions and unproductive behavior during the work day, it’s inevitable that March Madness is going to impact office productivity.

The cell phones and computers that your workers use every day make it easy for them to secretly stream games online, check the scores in real time, and even place virtual bets on the teams. 

While your employees fill out their brackets, cyber criminals are choosing their top picks as well. However, they’re not betting on the game. They’re betting they can fool the unwitting fanatic into downloading malware, providing personally identifiable information, and giving up their login information with a few enticing tricks.


1. Malicious Sites Requiring Registration

Want to watch the games safely or download a bracket? Only use the official source: https://www.ncaa.com/march-madness-live/watch. Remember, blocking access to the official site will only further encourage employees to find work-arounds to watch the game. This drastically increases your risk of being compromised by an employee visiting a malicious site.

Many shady websites claim they’ll give your employees access to free, on-demand streaming of the NCAA championships if they simply create an account. The issue is, many of these sites are harvesting users’ login information to access their other accounts (such as online banking, work accounts, or e-mails). Cyber-criminals often use harvested credentials to access one account and move laterally across the network until they find financial information or trade secrets.

If your employees use the same email, password, or username on multiple sites, they may be putting the entire company’s systems at risk.

2. Online Betting

If your employees are looking to make a quick buck from their in-depth sports knowledge, they may try to strike up a friendly wager with their friends and co-workers. If they can’t convince anyone to bet with them, they may turn to online gambling to try to cash in on their NCAA picks. According to the American Gaming Association, an estimated $10.4 billion will be spent on March Madness gambling alone. But it turns out, many NCAA bets are actually illegal, depending on the situation.

In addition to the risk of breaking the law, possibly while using office equipment, many of the shadier online gambling sites are run by cybercriminals pushing malicious software, stealing and selling credit card information, or scamming users for personal information. Ensuring your employees are educated on the risks reduces your susceptibility to network compromise.

3. Sketchy Apps & Malicious Downloads

Simply downloading a bracket or rogue March Madness app could quickly turn into a ransomware situation with just a click. Applications that are offered outside of trusted app stores could contain malware designed to lock devices for payment or provide too much access to the contents of your files, exposing personal or financial information.

Consider reminding employees about your IT policies. Prohibiting unapproved applications can assist in the protection of the network. Otherwise your business could face the same issues this Baltimore marketing agency did: Locked Out: Ransomware Shuts Down Marketing Agency

4. Targeted Phishing Attacks

You might see a rise in timely, malicious emails hitting your employees’ inboxes in the upcoming days. Spoofed e-mails are designed to look like bracket pool invitations, winnings, or updates on how the underdog #10 seed picked off the #2 seed (your employees are going to want to watch that!).

Managing the Madness

Controlling how your employees spend their time is hard. Informing them of the risks and best practices to avoid a compromise and lost productivity is easier. Make sure your employees have the knowledge to spot the red flags of a dangerous situation.

To avoid going through this again next year, put a program in place that is fully managed, requires no work on your part, but makes your employees your strongest defense against cyber threats. Want to see how they would fare on a benchmark? Challenge them to take the "Spot the Phish" Quiz on https://Phishgoggles.com




Lee Snead

Lee Snead is Summit's Content Marketing Specialist, and brings cyber-security awareness and training expertise from his days as a security awareness program lead for a Fortune 500 company. Lee focuses on quality content creation, photography, videography, and impactful communications that turn complex IT topics into easily consumable ideas. When he's not writing or filming, he's out on the water. Surfing, kayaking, and SUPing are this St. Louis native's forte.
