Major sporting events like the Super Bowl, the World Series or March Madness can be prime time for cybercriminals to try to prey on people. Whether it’s by using URLs that look like real sports betting and news sites or using sports-related terms to try to lure people in via emailed phishing links, there’s no shortage of attack vectors.
Looking at some of the recent findings from DNSFilter’s research team will provide context about why this happens and provide guidance on how individuals can try to stay protected from these scam attempts.
Sports betting scams: The stakes are high
When significant sports events take place, there is an increase in malicious gambling- and betting-related traffic. The goal of these sites is to trick people into providing their personal data or entering their credit card information.
Gambling is an easy vice to exploit, which explains why malicious gambling site traffic increases as these sporting events draw near. Sports are one of the few things that happen live that people still “tune into,” creating natural urgency to capitalize on and exploit through streaming, betting, and in-the-moment activities.
Sports betting scams have become such an issue that the FBI created the Crime and Corruption in Sport and Gaming (CCSG) program. It aims to find, fight and defeat criminal activities related to sports by working with sport governing bodies, sport leagues, independent watchdog groups and international law enforcement. One of the crimes it focuses on is illegal gambling and illegal sports betting operations.
What the data shows
DNSFilter has gathered information through its DNS content filtering platform about gambling traffic, both legitimate and illegitimate. For instance, on the day of the Super Bowl, DNSFilter blocked 57% more malicious gambling- and betting-related content than the entire rest of the NFL postseason. Similar traffic spikes to such malicious sites took place during Super Bowl LVIII and last year’s March Madness.
Because sports betting is now legal in 38 states – with 30 of them allowing online sports betting – traffic to DNSFilter’s gambling category has risen in the past year. Compared to the same timeframe in February 2024, daily traffic to all gambling sites has risen 71%, which far exceeds the increase of traffic on the DNSFilter network (traffic as a whole has grown 16% over the last year.)
DNSFilter’s research on online threats leading up to this year’s Super Bowl also found:
Streaming media and malware: Compared to the previous average held between May and December 2024, Super Bowl weekend saw a 15% increase in illegal streaming and torrenting traffic related to fake streaming sites. This weekend saw the highest traffic to illegal streaming sites ever on the DNSFilter network.
Threats by domain: NFL-related domains have had greater likelihood to be security threats, with sharp upticks in malicious activity related to gambling and streaming sites, and potentially phishing attacks targeting Super Bowl fans or bettors. Domain names containing the word “football” surged on January 14, the day after Super Wild Card Weekend, and on Super Bowl Sunday.
Fake betting sites: Regarding malicious gambling domains identified during the NFL playoffs, 20% used a string of numbers in their names. It’s a standard way for such “mirror” sites to avoid detection. The majority of traffic came from newly registered domains, and most malicious betting-related domains were categorized as malware.
With March Madness happening, DNSFilter has seen more basketball-related scam activity. Malicious basketball domains saw a steady uptick starting in February, with March 6 experiencing a 552% spike over the previous 90-day average. As for malicious gambling sites, those with variants of the terms “gamble” or “gambling” in the domain name also saw a 442% increase on March 6.
Between March 4 and March 6, there was a 53% increase in sites with “bet” in the domain name. On March 7, there was a 280% rise above average for domains with “march” in the title, overlapping with gambling spikes.
How to stop these threats at the corporate level
Most of the traffic our researchers have observed was running on corporate networks. This is important for companies to recognize, as employees could unwittingly be going to malicious streaming or gambling sites while on the corporate network or when using corporate devices after hours.
Illegal or malicious gambling and streaming sites tend to overlap with phishing. For example, it’s highly likely that a streaming site could be hosting malware or links out to phishing sites. Knowing this can help you develop a security policy for such situations.
The first key point in that policy should be to make sure your employees are trained to not click suspicious links. These include links from unsolicited emails with sketchy sender email addresses. The second key point is to deploy protective DNS, a security service that blocks access to malicious domains by filtering DNS queries. The service will block domains that are new and that are known to be malicious or illegal. Knowing what your employees are using your devices for is helpful in knowing what NOT to allow.
Bat a thousand with betting best practices
Marquee sporting events have become a prime target for bad actors, who look for opportunities to scam sports enthusiasts out of their money and personally identifiable information. Unfortunately, employees can inadvertently put their companies in jeopardy when they use company networks and/or devices to participate in online betting or streaming. By providing ongoing education to employees and implementing protective DNS, you can create a safer online environment during sporting events and all year round.
