March Madness has arrived. Brackets will be tested, underdogs will advance, and dramatic finishes will dominate the highlights. But while the excitement unfolds on the court, cybercriminals are also stepping up their game, launching a full-court press on inboxes across higher education, including ours. Periods of heightened attention and activity are prime opportunities for scams designed to distract, rush, or mislead.

Let’s break down the most common “scams in the tournament” and how you can keep them from cutting down the nets.

The Bracket Bait Phish
This scam typically appears as an email or message offering access to an “official” tournament bracket, prize pool, or surprise winnings. The message encourages you to click a link or log in to participate. In reality, the link leads to a fraudulent site designed to capture your credentials. To defend against this tactic, avoid clicking on unsolicited bracket links, navigate directly to trusted websites, and review sender details carefully. Small inconsistencies are often a telltale sign.

The Buzzer Beater Urgency Scam
Messages claiming “your account will be locked today,” “final warning,” or “respond within 30 minutes” are designed to create pressure and short-circuit good judgment. The goal is to prompt immediate action without verification. A reliable countermeasure is to pause before responding. Chapman IS&T will never issue urgent threats or demand immediate action via email. When a message feels rushed, take time to confirm its legitimacy.

The Fake Ticket Giveaway
Offers for free or deeply discounted tickets, travel, or gear can be enticing, especially during high-profile events. These scams typically ask recipients to submit personal, login, or payment information to “enter” or “claim” a prize. In practice, this information is harvested for misuse. Remain cautious of giveaways that request credentials, rely on official sources, and remember that legitimate complimentary tickets rarely come with additional requirements.

The Transfer Portal Trick
In this scenario, scammers impersonate a faculty member, administrator, or supervisor and request gift cards, wire transfers, or sensitive information. Familiar names and roles can create a false sense of legitimacy. Always verify unexpected requests, particularly those involving financial transactions. Closely inspect email addresses and, when in doubt, confirm the request through a separate communication channel.

Defense Still Wins Championships
You do not need to be a cybersecurity expert to protect yourself. Effective defense is built on a few fundamentals: slow down, examine details closely, and trust your instincts. Most scams rely on speed, surprise, or discomfort to succeed.

Call to Action: See Something? Call the Foul
Reporting suspicious messages helps protect not only you, but the entire campus community. Awareness and shared responsibility are key components of a strong security posture. Report malicious messages immediately to: abuse@chapman.edu.

Your report helps protect not just you, but the entire Chapman community. One report can stop a scam before it spreads.

Let’s keep the madness where it belongs, on the court, not in our inboxes! Stay alert, play smart, and enjoy March Madness!

 

Stay safe, stay vigilant!
Keith Barros
Chief Information Security Officer (CISO)