The month of March is often a turning point for many in the year, signifying the end of winter and the start of the spring…and a whole lot of online gambling for March Madness. Families, friends, co-workers, Facebook groups, you name it—someone has a bracket pool going on and all you need to do to get in on the action is click a link and Venmo someone your entry fee. If it is not obvious by now, cybercriminals use sporting events that appeal to the masses, such as March Madness and the Super Bowl, to target the increased crowds in hopes that a percentage of them will overlook all of the online red flags, good practices, and diligence that people (hopefully) otherwise practice.
Not surprisingly, a lot of this is being done during the workday, on work computers or over company IT networks, thus making the NCAA’s March Madness tournaments a great opportunity for cybercriminals to breach corporate IT security safeguards through the use of fake domains and URL links and phishing attacks. Accordingly, for companies, now is a great time to remind employees of how to spot a phishing email and otherwise drag employees through a refresher of good online hygiene tips. To further help, here are some good housekeeping tips to help spot a fake link:
- Be cautious of all links included in messages. It may not provide that immediate satisfaction of clicking a link, but it is worth taking the time to either get confirmation from the sender that the link is legit, or to otherwise go directly to a website yourself (or use a mobile app if one exists for the brackets provider) rather than using an unknown URL link.
- Check shortened URLs to confirm that they are legit. With a simple web search, you can find some online sites that will help probe a shortened link to help you determine where the link is going to take you.
- Be mindful of misspelled emails and URLs. Obviously, a misspelled URL is a scam, but a misspelled email can also be a tip-off to a malicious intent.
- Don’t click on any bank links. There are very few reasons why anyone should click on a purported bank link. Just take the extra step and log into your banking account the safe and secure way you normally would.
Remaining vigilant while conducting both personal and professional business online is the key to spotting and preventing cyberattacks. Nixon Peabody's Data Breach Preparation & Response team is experienced in handling sensitive security incidents, being a guide through a breach, and ensuring it doesn't happen again.