Cyber-security experts and agencies around the world are warning people about a wave of opportunistic hacking attempts linked to the IT outage.
Beware of Scams: Fake Emails and Websites Target Users After IT Outage
Although there is no evidence that the CrowdStrike outage was caused by malicious activity, some bad actors are attempting to take advantage.
Cyber agencies in the UK and Australia are warning people to be vigilant to fake emails, calls and websites that pretend to be official.
And CrowdStrike head George Kurtz encouraged users to make sure they were speaking to official representatives from the company before downloading fixes. “I want to sincerely apologize directly to all of you for today’s outage. All of CrowdStrike understands the gravity and impact of the situation. We quickly identified the issue and deployed a fix, allowing us to focus diligently on restoring customer systems as our highest priority.,” Kurtz said in a blogpost.
Fear and Paranoia
Anytime there is a major news event, particularly one involving technology, hackers respond by adjusting their existing methods to account for the anxiety and uncertainty.
We witnessed the same thing with the Covid-19 pandemic when hackers modified their phishing email campaigns to include viral information and even pretended to have an antidote to hack people and organizations.
The Surge in Scams Post-Outage
Because the IT breakdown has become a global news issue, hackers are capitalising.
According to SecureWorks researchers, there has already been a significant increase in CrowdStrike-themed domain registrations, which involve hackers registering new websites that appear to be official and potentially trick IT managers or members of the public into downloading malicious software or handing over private information.
Managers on the Lookout
The advice is mostly for IT managers, who are being impacted while they work to restore their organizations' online operations.
Individuals may also be targeted, thus experts advise caution and to only act on information obtained through legitimate CrowdStrike channels.
Protecting Yourself from Scams
- Verify the Source: Always verify the authenticity of any communication you receive. Contact the company directly using official contact information from their website, not the contact details provided in the suspicious message.
- Look for Red Flags: Be wary of unsolicited messages that create a sense of urgency or pressure you to take immediate action. Check for spelling and grammatical errors, which are common in phishing attempts.
- Use Security Software: Install and regularly update security software on your devices. This can help detect and block malicious websites and emails.
- Enable Two-Factor Authentication (2FA): Whenever possible, enable 2FA on your accounts. This adds an extra layer of security by requiring a second form of verification in addition to your password.
- Educate Yourself: Stay informed about the latest scam tactics and share this information with friends and family. Awareness is a powerful tool in preventing cybercrime.
