Scam Alert: Fake Emails & Websites Target Users After Outage

Cybersecurity Warnings Across the Globe

Authorities in the UK and Australia have warned the public to be cautious of fake emails, phone calls, and websites impersonating official channels. These fraudulent communications aim to profit from the widespread confusion the outage has caused. CrowdStrike’s CEO, George Kurtz, emphasized the importance of verifying the authenticity of representatives before downloading any software or fixes. He reassured users that official updates and information would be available exclusively through CrowdStrike’s blog and technical support channels.

A Haven for Scammers

Cybersecurity expert Troy Hunt, who manages the well-known security website Have I Been Pwned, highlighted that incidents like the CrowdStrike outage are particularly attractive to scammers.

The Australian Signals Directorate (ASD) issued a specific alert regarding malicious websites and unofficial codes masquerading as CrowdStrike solutions. Similarly, the UK’s National Cyber Security Centre (NCSC) reported increased phishing attempts related to the outage.

“An increase in phishing referencing this outage has already been observed as opportunistic malicious actors seek to take advantage of the situation,” the NCSC stated.

Exploiting Fear & Uncertainty

Hackers are known to adjust their strategies based on current events, particularly those that generate significant public anxiety. The COVID-19 pandemic saw a similar rise in phishing emails purporting to provide information about the virus. With the CrowdStrike incident making headlines globally, scammers are again tweaking their methods.

Researchers at Secureworks have already observed a sharp rise in domain registrations mimicking CrowdStrike, aimed at tricking IT managers and the public into downloading malicious software or disclosing sensitive information.

Impact & Response

The IT outage has caused substantial disruption, with thousands of flights canceled worldwide, healthcare systems impacted, and banking services thrown into disarray. The fallout has been significant despite CrowdStrike’s assurances that a cyberattack did not cause the outage. Microsoft reported that about 8.5 million Windows devices were affected, leading to system failures known as the “blue screen of death.”

Efforts to address the outage are ongoing. CrowdStrike CEO George Kurtz appeared on NBC’s Today Show, reiterating the company’s commitment to restoring services and protecting customers from further threats. He acknowledged that while some systems might take time to recover fully, CrowdStrike’s mission is to ensure complete recovery and security for all affected users.

Protecting Yourself from Scams

Cybersecurity experts advise several measures to safeguard against potential scams:

• Verify communications: Be wary of unsolicited emails or messages claiming to offer assistance. Always verify the authenticity of such communications by visiting the company's official website
• Avoid clicking on suspicious links: If you receive an email or suspicious message, do not click on any links or download attachments. Instead, navigate directly to the official site for updates and support
• Strengthen your security: Use unique passwords for different accounts and change them regularly. Enable multi-factor authentication wherever possible to add an extra layer of security
• Be skeptical of unsolicited help: Large tech companies do not typically contact individuals spontaneously to offer help. If you receive such a message, it is likely a scam

Continued Vigilance Needed

The CrowdStrike outage is a stark reminder of the interconnected nature of modern technology and the vulnerabilities it can present. While efforts to restore services continue, users must remain vigilant against scams and phishing attempts. Cybercriminals are always looking for opportunities to exploit such crises, and staying informed and cautious is the best defense against falling victim to their schemes.