SCAM OF THE WEEK: CrowdStrike Outage Phishing Scams

Recently, a mass IT outage caused confusion and chaos.

A buggy software update deployed by the cybersecurity company CrowdStrike impacted Windows computers worldwide. Systems were affected globally, resulting in delayed flights, business closures, and more. However, what may be bad news for you could be good news for cybercriminals. Cybercriminals often seek to turn major events to their advantage by sending out phishing emails or text messages related to the event. By using a major event that you are familiar with, they hope that they can trick you into clicking on malicious links or attachments.

Shortly after the outage, cybercriminals began creating fake websites. The websites claim to belong to IT workers who can assist with troubleshooting the outage and restoring access to affected computers. There are files on the fake websites that appear to be software updates for Windows computers. However, these files actually contain malware. If you download them, malicious software can be installed on your computer, giving cybercriminals access to your personal data!

Follow these tips to avoid falling victim to any CrowdStrike-related scams:

• This specific scam involves fake websites, but remember that cybercriminals will exploit this event in different ways. Be on the lookout for any suspicious activity related to the CrowdStrike outage.
• Don’t download any files or attachments from websites or emails. Any troubleshooting related to the CrowdStrike outage should be addressed by your organization’s IT team.
• Be cautious of unexpected calls, emails, or text messages that seem urgent to respond to. Cybercriminals will try to use this outage to trick you into acting impulsively.

Content provided by KnowBe4