March Madness Targeted by Cybercriminal Phishing Attacks, Creates Security Concerns
Hikvision Helps Partners and Employees Identify Phishing Attacks, Reduce Risk of being hacked
In the SecurityInfoWatch.com (SIW) article, “March Madness Signals Opening of Phishing Season,” the magazine’s editorial director, Steve Lasky, discusses an increase in hacking attacks and rising security concerns during the popular basketball NCAA March Madness season, as cybercriminals increase attempted phishing and malware schemes.
From the article: “Why are the warnings of tournament hoop hack-attacks almost as ubiquitous as the next NCAA basketball coaches’ scandal? Simple, because as much as the average Joe or Jane professes confidence in spotting a phishing attack, they usually can’t.”
March Madness is a time where co-workers, friends, and family create pools and compete with one another in predicting the most accurate NCAA basketball tournament bracket, according to the article.
“Typically, an organizer will send out links from a sports-centric website to the interested participants to allow them to join a group. This creates a situation where the participant may be unaware of the authenticity or safety of the website for the link sent by the organizer, making their personal data vulnerable to cross-site scripting attacks, hidden redirects, and website forgery. Participants should be cautious of shortened URLs which can redirect them to a malicious website that may look to steal their personal information,” said Mike Banic, VP of marketing at Vectra, in the article.
The article added that these cyberattacks work because most companies do not educate employees on how to detect them. The article offers several tips to recognize and avoid a phishing email, including:
- Ignore emails to join tournaments from sites or groups that you weren’t explicitly requested to join.
- Go directly to the website of the tournament bracket instead of clicking a webpage or email link. “It’s less convenient, but typing in the site into your browser reduces the chance that you’ll be rerouted to a fake website or worse, that malware gets loaded on your system,” said the article.
To read more tips from SIW, click here.
How to Identify Phishing Attacks, Two Steps to Reduce Risk of Phishing Attack
In the HikWire blog, “Hikvision’s Director of Cybersecurity Outlines Examples of Phishing,” Hikvision’s Chuck Davis outlines common malware attacks using phishing.
From the article: “Phishing attacks have long been an effective way for attackers to trick people into divulging sensitive information or infecting a system with malware. Malware can give an attacker remote access to protected systems and networks, encrypt a user’s data, and charge a ransom to decrypt the data, or use that system as part of an attack against other systems.”
In “Email Phishing Examples Part II,” Davis provides two steps to reduce the risk of phishing attacks. Below is an excerpt from the article.
While it is increasingly difficult to identify a well-crafted phishing email, there are some steps that can be taken to reduce the risk of falling victim to a phishing attack.
- Look carefully at the email headers. Check the "From" and "To" fields for anything suspicious. While we already stated that these can be spoofed, they can also be a good first indicator of a suspicious email. Here is how to check the full email headers in Gmail: https://support.google.com/mail/answer/29436?hl=en
- Hover over links and be sure to read the entire URL. When you hover over a link, notice if the website link is different than the listed URL. Also inspect the entire URL from the first forward slash, back to the left, to see where that link is actually going. For example, http://www.google.com.search.us/query.html is actually going to a server called "search.us," not google.com. Again, this can be spoofed in some cases but it’s a good indicator of how phishing links can appear to be sites we trust.