News, Scams

The March Madness scam playbook

by Pieter Arntz | March 23, 2026
into the March Madness basket

March Madness is the annual men’s and women’s NCAA Division I basketball tournament, where 68 teams play in a single-elimination bracket for the US national championship.

But March Madness doesn’t just bring buzzer beaters and busted brackets. It also kicks off a short, intense season for scammers who know fans are distracted, emotional, and often in a hurry. In this post, we’ll walk through the main scam patterns that pop up around the NCAA men’s basketball tournament, so you can recognize them and shut them down before they score.

Large sporting events combine three components that scammers love: money, emotion, and urgency. Fans are hunting for last‑minute tickets, “can’t‑miss” bets, and ways to watch every game. They’re in a hurry, so their guard is down.

From an attacker’s perspective, March Madness is conveniently predictable. Every year in March, millions of people will Google the same terms, click the same types of ads, and respond to the same social media bait. Once you’ve seen the patterns, you’ll start recognizing them around other major events too.

Fake ticket marketplaces and resale fraud

Ticket scams are a staple of any big concert, playoff series, or tournament, and March Madness is no exception.

The playbook is simple: Scammers set up sites and listings that look like legitimate ticket resellers, then take your money and run.

Things to keep an eye on:

  • Screenshots or PDFs of barcodes won’t work when entry tickets are dynamic or tied to an app, but scammers still sell them. Victims will only find out at the gate when tickets are rejected.
  • Too good to be true last‑minute deals. Offers for prime seats at prices well below the official box office, often paired with urgency imposing tactics: “must pay in the next 10 minutes,” “three buyers waiting,” or “I’ll lose my deposit if you don’t decide now.”
  • Sellers push victims into private channels (text, WhatsApp, DMs) and insist on payment methods that are irreversible, like wire transfers, P2P apps, gift cards, or cryptocurrencies.

Fake betting sites, “sure thing” tips, and bonus traps

Legal sports betting has gone mainstream in the US, and March Madness is one of its biggest events. The huge number of casual bettors is a scammer’s dream. Their tactics can be divided into two main categories:

  • Cloned betting platforms. Attackers create sites and apps that mimic real sportsbooks, complete with copied logos, odds feeds, and login pages. Users deposit funds, place bets, and maybe even see “winnings” pile up in the interface—until they try to withdraw and are hit with fees, extra deposits, silent account bans, or witness a disappearing act.
  • “Guaranteed” bets. Social media fills up with self‑proclaimed experts selling access to VIP betting groups or “guaranteed” locks on tournament games. Victims pay for tips or are funneled into shady offshore sites that conveniently lose their money or demand more deposits to “unlock” withdrawals.

Streaming scams

Not everyone has a cable subscription or an official streaming package, and scammers know many fans will look for free or cheap alternatives. That creates a fertile ground for malicious streaming offers. There are some common patterns to watch for:

  • Fake portals promising all the games live. Websites advertise free HD streams of every tournament game but require you to create an account and enter a credit card “for age verification” or a “free trial.” Once you submit details, charges appear or your card data is sold on.
  • Malicious players and extensions. Some sites will prompt you to download a special player, codec, or browser extension before you can watch. Instead of video, you get adware, browser hijackers, or a foothold for more serious malware.
  • Shortened URLs and reposted “official stream” links spread quickly around tip‑off time, often redirecting through multiple ad and tracking networks before landing on phishing or scam pages.
  • Like-farming and other social media clickbait promising free streams only to boost the account’s reputation for a next wave of scams.

Bracket phishing, office pools, and prize scams

Brackets are part of the culture: friends, families, and workplaces run pools where everyone predicts the tournament results. Scammers piggyback on that habit with phishing campaigns and fake prize draws. These usually show up in a few ways:

  • Official bracket challenge phishing. Emails or messages invite you to join a tournament bracket hosted by a big brand or media outlet, complete with logos and plausible wording. The link really leads to a credential‑harvesting page masquerading as your email, work SSO, or a well‑known sports site.
  • Fake “you won the pool” notifications. Messages claim you’ve won a prize in a bracket you never joined, and instruct you to click a link or provide personal and banking details to receive your payout.
  • All the data they can get for you to join. Some bracket or contest sites ask for far more information than necessary. They want your full address, date of birth, even ID numbers, all under the pretext of age verification or tax reporting. Once you provide them, the phishers will monetize the data.

How to stay safe

Defending yourself against March Madness scams isn’t about never betting or never buying tickets. But you should treat the entire tournament as a high-risk period and tighten up your usual habits.

While the underlying technical tricks may vary, the social engineering themes are consistent:

  • Urgency. Time is limited, for some reason. The goal is to stop you thinking.
  • Scarcity. Limited seats, limited odds boosts, limited contest spots. All designed to trigger FOMO.
  • Too good to be true. Playing on hope and excitement.
  • Authority and familiarity. Scammers use team logos, broadcaster branding, or language that mimics your employer’s internal pool announcements to appear legitimate.

The defenses are also much the same:

  • Think before you click, act, or buy. If something looks suspicious, check it with Scam Guard.
  • Type official URLs into the browser or use trusted apps instead of following links from email, DMs, or social posts.
  • Use protected payment methods. Pay with credit cards or other methods that support chargebacks and dispute resolution.
  • Treat all unsolicited and unexpected messages as suspicious.
  • Report incidents. If you think you have been scammed, report it to your bank, the FTC and via BBB’s Scam Tracker.

We don’t just report on scams—we help detect them

Cybersecurity risks should never spread beyond a headline. If something looks dodgy to you, check if it’s a scam using Malwarebytes Scam Guard. Submit a screenshot, paste suspicious content, or share a link, text or phone number, and we’ll tell you if it’s a scam or legit. Available with Malwarebytes Premium Security for all your devices, and in the Malwarebytes app for iOS and Android.

About the author

Pieter Arntz

Pieter Arntz

Malware Intelligence Researcher

Was a Microsoft MVP in consumer security for 12 years running. Can speak four languages. Smells of rich mahogany and leather-bound books.

LATEST ARTICLES

Mobile
Android logo

Advanced Flow will make Android sideloading safer

March 23, 2026

Google’s new Advanced Flow aims to make sideloading safer on Android by slowing down scam-driven installs.

News
week in security

A week in security (March 16 – March 22)

March 23, 2026

A list of topics we covered in the week of March 16 to March 22 of 2026

Podcast
An illustrated padlock is mounted into a microphone stand with sound waves emitting from the device.

This is all it takes to stop a train (Lock and Code S07E06)

March 22, 2026

This week on the Lock and Code podcast, we speak with Rachel Swan about the simple network problems causing major train outages in the Bay.

Contributors icon

Contributors

Threat Center icon

Threat Center

Podcasts icon

Podcast

Glossary icon

Glossary

Scams icon

Scams