Avoid Phishing Scams During March Madness

Tuesday, February 25, 2020

March Madness is just around the corner, and cybercriminals are ready to take advantage of the hype surrounding your favorite college teams and their basketball championship quests through phishing schemes.

It’s a perfect opportunity for them to use phishing schemes to steal personal information from unsuspecting fans filling out online brackets, buying tickets and merchandise or streaming live video.

Phishing is a form of social engineering that uses email or malicious websites to get personal information by posing as a trustworthy source to gain access to your accounts.

Here’s some signs things to be on the lookout for:

Suspicious sender’s address. The sender's address may imitate a legitimate business. Cybercriminals often use an email address that closely resembles one from a reputable company by altering or omitting a few characters.

Generic greetings and signature. Both a generic greeting—such as “Dear Valued Customer” or “Sir/Ma’am”—and a lack of contact information in the signature block are strong indicators of a phishing email. A trusted organization will normally address you by name and provide their contact information.

Spoofed hyperlinks. If you hover your cursor over any links in the body of an email, and the links do not match the text that appears when hovering over them, the link might be spoofed. Additionally, cybercriminals might use a URL shortening service like Bitly or TinyURL, to hide the true destination of the link.

Malicious websites. They might look identical to legitimate sites, but check the spelling of the organization's name and the URL very closely for discrepancies, such as the spelling of the name or the domain (e.g., .net instead of .com). When in doubt, avoid the website until you’re 100% sure.

Unsecure websites. Check to make sure the websites you’re visiting use SSL protection. The easiest way to tell is to check your browser’s address bar. Look for https in the URL. Sites without the “s” are not safe to submit payment information or other personal details.

Offers too good to be true. Free games and merchandise or unbelievable deals might be tempting, but they can come at a cost to your privacy.  Only download from trusted sources, even if you must pay.

Spelling and layout. Poor grammar and sentence structure, misspellings, and inconsistent formatting are other indicators of a possible phishing attempt. Reputable institutions have dedicated personnel that produce, verify, and proofread customer correspondence.

Suspicious attachments. An unsolicited email (especially if it appears urgent or wants you to do something) requesting a user download and open an attachment is a common delivery mechanism for malware. A cybercriminal might use a false sense of urgency or importance to help persuade a user to download or open an attachment without examining it first.