The Real Bracket Buster? Scammers Who Steal Your Data (and Your Dough).

For fans of NCAA Men’s Basketball, there may be no surer sign of spring than Selection Sunday. Now that the matchups have been (mostly) set, the madness of March can begin — cue the filling out of brackets, the search for this year’s Cinderella teams, and the wondering of whether this will finally be the moment a 16 seed topples a conference favorite (however unlikely that may be).

If you are a member of bracket nation, consider this piece of advice: Whether you are a purist (i.e., a one-bracketer) or more buckshot in your approach (more entries = more chances to win, after all), the biggest bracket buster of them all is falling for a social engineering scam that compromises your data and/or puts your devices (and your money) at risk.

Scammers Are in Motion and Are on the Offensive

When any event or product drives scores of users online, scammers attempt to take advantage. The flow of money and the high level of interest are a double bonus for social engineers; they know that users are likely to throw caution to the wind in pursuit of what they want. (The yearly holiday shopping season and last year’s Pokémon GO phenomenon are good examples of this.)

Before you jump into a bracket challenge, have a game plan. To borrow a bit of advice from Dick Vitale, don’t be drilling Reggies when you need Pete Roses — meaning, don’t overlook the immediate in the pursuit of a big reward that might never pay off.

Learn about mobile device security tips that can help you stay more secure.

Develop a Strong Defense

When fighting social engineering scams, the best advice is to assess potential risks and react appropriately. Here are three key things to look out for (this March and all year long):

• Phishing scams – Beware of unsolicited emails that prompt you to act without thinking. Scammers will use a variety of tactics to make this happen: the promise of a great prize; notice of an account error, payment problem, or unauthorized access; or another hook that plays on your emotions and makes you feel immediately compelled to click a link, submit your data, or download a file. If you’re at all unsure of the source of an email, the safest thing to do is avoid it.
• Imposter websites – It’s highly likely there are sites out there masquerading as legitimate sources for bracket contests, tournament information, and NCAA goods. Just because a website looks safe on the surface, doesn’t mean it is safe. Logos and designs can be easily mimicked. If you aren’t familiar with a site, avoid sharing personal details, entering credit card data, or downloading files. It’s always safest to stick with a known, trusted entity.
• Malicious links, ads, and apps – How many clicks do you think a fake story about a #16 seed beating a #1 seed would get? How about an ad promising a $1,000,000 payout for a perfect bracket? And how many mobile users might download an app that promises to give insider tips and up-to-the-minute game tracking? Hackers and social engineers plant these sorts of stories, ads, and applications online and within social media in order to trick unsuspecting users into downloading malware or ransomware, turning over financial data, or granting access to their mobile devices. Don’t fall into these traps.

To harness a basketball playbook, think about adopting a “pick and roll” mentality. Make it a habit to stop and think before you act in haste, and don’t be afraid to move away from an email, website, social media post, or application that doesn’t pass the smell test.