The pandemic of 2020 might have put a pause on many things, but America is doing its best to hold on to a normal way of life. Since crowded stadiums are not particularly conducive to stopping a pandemic, sports organizations across the country have been bringing events live to fans’ homes with interactive, virtual experiences. But they do not come without cyber risks.
Teams Sporting Events Overview
Microsoft's Together Mode is being used in the online sports world. Fans get to watch their teams play live virtually, while showing up on the big screens set up at the stadium. It is the best way to be right in the middle of the action and maintain social distancing to prevent the spread of COVID-19. Though not all teams have made this move, many in the NHL, NBA, and NFL have. And this capability is likely to see more use throughout the sports industry as organizations find options to improve engagement with their fans.
How Cybercriminals are Attacking Platforms
As you may already know, the NFL is having fans log in to Microsoft Teams to stream touchdown celebrations live. This means large volumes of users are entering the system at the same time. Many of these users are new to the platform, creating accounts and handing over credentials quickly for a chance to appear on TV.
But what are the cybersecurity risks around this type of event viewing?
Unfortunately, with the increased usage of Microsoft Teams (or any other online application, for that matter) come increased threats. Cybercriminals are quick to adapt to the evolving applications being used and have been sending out phishing emails to steal users’ credentials by impersonating Microsoft Teams and Microsoft Office 365.
The email looks like a legitimate notification from the Microsoft Teams application. Cybercriminals use Microsoft’s brand logos and mimic the standard formatting that individuals are used to seeing within their emails, often only changing the Sender email address and URL, to convince users that it is authentic.
The email notification asks the user to log in to the platform. However, instead of going to the genuine Microsoft platform, the user is taken to a fake login page to enter their credentials. Once the user enters his or her login credentials, cybercriminals have access to the user’s Microsoft Teams account and any other Microsoft application using the same credentials.
Sports games are incredibly timely events, meant for entertainment purposes, and people want to have a conversation with friends or other fans about the game. So, when an individual is watching sports, the guard that questions the authenticity of emails or webpages is often down. It is not like work, where you must be focused or be paying attention to all the details. And cybercriminals know this.
Cybercriminals look to the easiest point of entry when they are developing attacks. That point of entry is email. During these sporting events, when an individual is in their entertainment mindset, they are not thinking about being cyber secure. When receiving an email notification to log into their Microsoft Teams account, or any other platform, to watch a live game or replay, individuals will act. And these cybercriminals know to send emails right as the game is about to start, or right after it’s ended, when you will be logging into the applications they impersonate.
Social engineering focuses on one element: getting someone to do something they would not normally do. With the elevated risks being introduced between virtual communication and sporting events, individuals should be taking security incredibly seriously.
What Viewers Should Be Aware Of
Keep an eye out for any emails that seem to come on behalf of the Microsoft Teams platform. The following tips can help you spot phishing emails:
- First, check the sender’s email address. If it is from Microsoft, it will be from Outlook or Microsoft.
- Next, if you click on a link in the email, check the URL. If it says anything other than “Microsoft,” close it out. Legitimate emails should link to addresses like “login.microsoftonline.com.” The phishing schemes often come attached to URLs that read “sharepointonline.com” or something unrelated to Microsoft.
- If you notice anything on the email or web link that does not seem right, contact Microsoft’s support team. They can help you decide what is and is not legitimate.
- Additionally, you should be extra vigilant when placing online sports bets. Only do so through reputable websites and ensure that the website is encrypted.
- To ensure online safety, Microsoft security offers several tools. One of the most useful is multi-factor authentication or MFA. Enabling multi-factor authentication means that even if a cybercriminal gets your login credentials, he or she still cannot get in. Without the second key, your login information is useless.
Microsoft security offers more phishing and malware protection that can keep you secure. Enabling these protections can help you avoid most, if not all, of the potential risks involved with viewing sports through Microsoft Teams.
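The sender and URL checks from the tips above can be automated. The following is an added example, not code from Microsoft or GreatHorn: it compares the sender's domain and each link's hostname against an allowlist by exact or subdomain match, because a lookalike host can contain the word "Microsoft" and still belong to someone else. The allowlist entries other than login.microsoftonline.com, the function names, and the sample message are assumptions made for illustration.

```python
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumed allowlists; only login.microsoftonline.com is named in the article.
TRUSTED_LINK_DOMAINS = {"login.microsoftonline.com", "teams.microsoft.com"}
TRUSTED_SENDER_DOMAINS = {"microsoft.com", "outlook.com"}

def in_domain(host, domains):
    """True only if host equals a trusted domain or is a subdomain of one."""
    host = (host or "").lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in domains)

class LinkCollector(HTMLParser):
    def __init__(self):
        super().__init__()
        self.links = []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.links += [v for k, v in attrs if k == "href" and v]

def check_message(raw):
    """Return findings for the sender and every link in a single-part HTML email."""
    msg = message_from_string(raw)
    findings = []
    sender_domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2]
    if not in_domain(sender_domain, TRUSTED_SENDER_DOMAINS):
        findings.append(f"sender domain not trusted: {sender_domain}")
    collector = LinkCollector()
    collector.feed(msg.get_payload())
    for url in collector.links:
        parts = urlsplit(url)
        if parts.scheme != "https" or not in_domain(parts.hostname, TRUSTED_LINK_DOMAINS):
            findings.append(f"link host not trusted: {parts.hostname}")
    return findings

# Constructed sample: the display name and URL text say "Microsoft", the hosts do not.
SAMPLE = """From: Microsoft Teams <noreply@teams-microsoft.example>
Subject: You missed a message
Content-Type: text/html

<a href="https://login.microsoftonline.com.signin.example/teams">Reply in Teams</a>
<a href="https://login.microsoftonline.com/common/oauth2">Help</a>
"""

if __name__ == "__main__":
    print("\n".join(check_message(SAMPLE)))
```

Matching on the end of the hostname, rather than searching the URL for a brand name, is what separates the genuine login host from the lookalike in the sample.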
How GreatHorn Can Help
GreatHorn can help protect your organization from advanced email threats. With our free advanced threat assessment, GreatHorn can identify all current email threats that have bypassed your existing defenses to create additional risk to your organization.