Online fraudsters abuse users’ enthusiasm for the March Madness basketball games by targeting phishing attacks and streaming fraud at them. That’s what Zscaler’s researchers found out.
The researchers discovered multiple phishing websites after searching Google for free livestreams for March Madness, as the annual basketball game of the NCAA Division I is also called. One of those websites, streamcartel.org, contained adware on every page. If a user clicked anywhere on the page or tried to close a rogue ad, a new tab opened urging the user to install a fake browser extension.
Also on another website, sawlive.tv, malicious activity was found. This is a phishing website that uses sports events to entice users to visit, after which they were bombarded with malicious advertisements. One of those ads led users to a page with fake Windows security alerts.
Furthermore, the researchers found several typosquatting domains that use terms associated with the NCAA Tournament to mislead unsuspecting users.
Common
Since social engineering campaigns are relatively successful, there are now many cyber-attacks with March Madness as their theme. This is also the case in other years around this time. For example, in March 2017, Zscaler discovered that attackers were using phishing sites that were using the popularity of March Madness to attack employees with adware. Those rogue ads tricked users into downloading browser hijackers and other potentially unwanted applications.
This news article was automatically translated from Dutch to give Techzine.eu a head start. All news articles after September 1, 2019 are written in native English and NOT translated. All our background stories are written in native English as well. For more information read our launch article.
1 hour ago
