IE 11 Not Supported

For optimal browsing, we recommend Chrome, Firefox or Safari browsers.

Hacking March Madness: How Cybercriminals Exploit Popular Sports Events

We’re in mid-March, which means the NCAA College Basketball Tournament is in full swing. But there is more than one way to bust your March Madness bracket, and cybercrooks are also working overtime to grab a piece of the cash. Here’s how (and why) major sporting events are top targets for global hackers.

Bracket Money
Joseph Pulitzer, who is best known for the famous Pulitzer Prizes, once said:

“There is not a crime, there is not a dodge, there is not a trick, there is not a swindle, there is not a vice which does not live by secrecy.” 

Twenty-first-century hackers use this truism to their advantage to exploit popular sporting events around the world. Everyone knows that the top sporting events are watched by millions of Americans each year, and we also understand that many people bet on sports outcomes.

But March Madness is different. Millions of Americans fill out annual brackets at their office, or in social groups or even at churches. Some fans hope to win cash, others donate the proceeds to charity and some just enjoy the annual ritual for fun. But as The Atlantic magazine described two years ago, “50 million Americans are expected to participate in office pools” (related to March Madness.) 

And herein lies the problem: Where the people go, the cybercrooks will not be far behind.

What’s the Problem?

Yes, Middle Tennessee State may have busted your 2016 bracket when they beat Michigan State on Friday afternoon, but there are numerous less obvious ways that your tournament can be ruined by hackers.

As I told Ellen Chang at, hacking is a big problem during March Madness. Here is an excerpt:

“Security professionals at organizations of all sizes are preparing for a surge of potential March Madness related cyber attacks through the beginning of April. ... Nearly every aspect of any employee’s involvement with March Madness could easily open up the employee, as well as the organization to a number of cyber risks. Cyber criminals are well aware of the popularity of March Madness.”
The problem of the rise in cyberattacks is compounded because many office pools pop up during this time, increasing the odds of malware infecting emails and software programs in the workplace.

One key difference to this annual March event is the fact that people are willing to put money into their brackets, usually in small amounts, in ways that they do not during the rest of the year. This means that people who are not alert are especially susceptible to falling for phishing email scams or downloading one-off apps to smartphones (that may be infected with malware). Even legitimate websites can have downloads that are spoofed and infected with malware.

Other tricks to watch out for include ticket scams for attending basketball games. For example, check out this video from last year:

Solutions, Please

What can you do?

First of all, be alert. Know who you are truly dealing with online. Make sure you are trained on how to spot phishing attacks and other online tricks.

Second, if you are buying online tickets for March Madness, or other sporting events, concerts or other popular events, follow these tips from the Better Business Bureau (BBB). Also, check out this McAfee list of ticket scams to watch out for.

Third, understand that this trend is not new and not going away. As Trend Micro pointed out several years ago, cybercrimminals have time on their side and are just waiting for you to let your guard down. If you didn’t fall for March Madness tricks, they may be back for the summer Olympics in Brazil, the World Cup, World Series or other major event. Also, look out for election-related phishing scams.

Here is an example of how a website was hacked as part of the World Cup in Brazil in 2014.

(Yes, this Web defacement was done for a global protest and to make a hacktivist point with more public attention, but some website hacks stay hidden and can cause damage to end user computers as well.)

Wrap-Up: What Can Happen After a March Madness Cyberattack?

Perhaps you are wondering what can possibly go wrong if you do make a mistake and your information gets compromised.

One hot hacking trend right now is the spread of new ransomware if you click on a bad link. As CNET reported:

“Hackers struck Hollywood Presbyterian Medical Center last month. They encrypted files critical to running the hospital's systems. And then they asked for money. After three weeks of operating without crucial computer programs, the Los Angeles hospital paid a $17,000 ransom to restore its systems. The attackers followed the pattern of other "ransomware" hacks by sneaking onto the victim's computer system, scrambling the files with an unbreakable code and refusing to release them until a ransom is paid. Around the same time, two German hospitals and the Los Angeles County Health Department saw their files seized in the same maddening way.”
And if you think you are immune because you own an Apple MAC, think again

The bottom line is that end users and enterprise security pros need to be on constant alert for online scams and attempts to trick you or your team into making a costly mistake. March Madness is a unique annual event over several weeks that opens up the door for the bad guys in a variety of ways. Nevertheless, natural disasters, IRS tax season and other major sporting events can also be exploited by cyberthieves.

For more details on ways to protect yourself, visit from the National Cybersecurity Alliance.  


Daniel J. Lohrmann is an internationally recognized cybersecurity leader, technologist, keynote speaker and author.