Well America, it’s back! That glorious time of year that has everyone asking, “Is Gonzaga actually for real this time? Have we learned nothing?!” Yes that’s right, March Madness is back!

After a LONG and hard 2020, it’s beginning to look a little more normal these days. Nothing signals normal like the return of March Madness! We can finally have the thrill and gut punching heartbreak of busted brackets, 15-seed upsets, and those weird bragging rights of “I called that upset, I just didn’t put it down on my bracket…”

We at Area 1 have been doing our own Phishing brackets over the past five years. We took a hiatus in 2020 (as did the NCAA), so today, we proudly introduce the 5th Annual March Hackness: The Phishing Tournament.

In creating their Phishing campaigns, attackers take advantage of a simple idea – Trust. Nothing speaks to that more than the brands that everyone knows and loves and interacts with in their everyday lives or see in the headlines.

We’ve analyzed over 500 different organizations — across multiple divisions (aka industries) — that have been spoofed in more than 22 million Phishing messages over the past year. From there, we’ve identified the Top 64 companies whose brands have become the go-to lures for Phishing campaigns.

Although March Madness took last year off due to the COVID-19 pandemic, attackers sure didn’t. (Just see some of the proof here, and here, and here…)

And now…

(Prepares best Dick Vitale voice possible) …


Wow, that takes a ton of energy to pull off!

With Area 1’s March Hackness tournament, you’ll get to see who is the latest Cinderella story to come out of nowhere and disrupt the typical “Power 5” technology brands that typically dominate the Phishing world. (Here’s looking at you PayPal, our previous 2019 champion).

Let’s see what a difference a year makes in the world of Phishing.

I’m excited, you get excited!



Some fast break takeaways for this year’s March Hackness?

  • We see some (unfortunate) new players in the space this year: themes around COVID-19 made a strong impact on our Top 64 bracket.
  • For example, newcomers like the World Health Organization and Centers for Disease Control make appearances for the first time, as well as pharmaceutical sweethearts, Moderna.
  • Our typical heavy hitters are still accounted for, like Microsoft, Google, Facebook, and Paypal. However, how well will they survive the tournament? Can they make it to the championship?

Tune in soon to find out who cuts down the nets to evade detection in this year’s tournament!

PS: In the meantime, to learn why email authentication standards failed to prevent these spoofed brands from hitting our phishing bracket, check out these resources:

Kevin Wilson is a Sr. Product Manager at Area 1 Security. Throughout his 14 year in Cyber Security, Kevin has been an Analyst and Engineer in various organizations such as the U.S Navy, First Data, and Lowe’s. Previously he served as the Global Information Security Officer at Guess? Inc as well as a Product Manager for McAfee.