When you think about March Madness, do you also think about information security?

It’s March Madness again and basketball fans around the country have been researching college sports websites looking for any insight into which teams will win this year’s NCAA tournament. But while sports fans are attempting to pick which team from a small conference is going to upset a national powerhouse, bad guys are creating malicious websites designed to attract basketball fans in hopes that the gullible (or greedy) will visit. Once a sports fan has landed on the malicious website, attackers have many tools they can use to take over a victim’s browser in an attempt to start the process of separating them from their money.

Beware of Social Engineering

With every major world event, celebrity arrest, or any other story that makes the headlines, there are criminals who create malicious websites and/or email attachments that attempt to take advantage of gullible users’ curiosity. Attackers will attempt to have their malicious websites prominently placed within the major search engines so that they appear legitimate. This is becoming more difficult as more and more effort is focused on identifying illegitimate websites, but users still need to stay vigilant against social engineering attempts to trick them into visiting a malicious website.

The Dangerous Double Standard in Security Awareness

While walking down an unfamiliar street, most people are aware of their surroundings and are more likely to have their guard up.  But when browsing the internet or reading email from the safety of their home, work space, or favorite coffee shop, it seems as if many users are way too trusting.  If a stranger on a street corner offered them a chance to win a free iPad, most people would continue walking. But if they receive the same offer from a post on their Facebook wall, they can’t click on it fast enough!

...Just don’t click it

Bad guys around the world are taking advantage of this false sense of security. Users must follow a general rule: if they receive an email attachment titled "Congressional Salaries" or see a link claiming "Can't Miss NCAA Basketball Winning Picks," don't click on it!!!!