As the world slowly recovers from the massive computer outage caused by CrowdStrike, cybercriminals are taking advantage of the confusion to impersonate the affected company and services to scam Internet users.

You probably haven’t missed it, but on Friday, July 19, thousands of companies and services around the world were brought to a standstill following a huge bug during a Windows software update. It’s quite simple: this outage paralyzed many sectors, such as air and rail transport, banking, health, and even the media – no fewer than 8.5 million computers were affected! The problem was caused by a faulty update to a piece of security software widely used in the professional world, the Falcon platform developed by the company CrowdStrike (see our article).

But as things slowly start to return to normal (Microsoft has made a recovery tool available to speed up the process), cybercriminals are jumping in, posing as CrowdStrike customer service or as companies that were affected by the outage to retrieve sensitive information from victims. The U.S. Cybersecurity and Infrastructure Security Agency itself has noted “that cybercriminals are exploiting this incident to carry out phishing and other malicious activities”, a message relayed on X by the Australian government agency in charge of cybersecurity. These attacks target both businesses and individuals.

Global IT Outage: CrowdStrike Identity Theft

CrowdStrike sounds the alarm in a blog post in which it warns that several sites are impersonating it. At least thirty domain names have been identified, with names referring to a technical service such as “crowdstrikebluescreen.com”, “crowdstrike-helpdesk.com” and “crowdstrikefix.com”. Cybercriminals do not hesitate to send phishing emails pretending to be the company’s help desk, to impersonate staff during phone calls, to pose as independent researchers claiming to have proof that the technical problem is linked to a cyberattack and offering solutions, or to sell scripts that supposedly automate the resumption of normal activities.
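
For defenders, the naming pattern of these domains can be turned into a simple triage check over mail headers and proxy logs. The Python below is an added example, not code from CrowdStrike, McAfee or this article; the allowlist, the sample lines and the function names are assumptions made for illustration.

```python
import re

BRAND = "crowdstrike"
# Assumption: official registrable domains, maintained by the defender.
OFFICIAL = {"crowdstrike.com"}

# Hostname that follows a URL scheme or the "@" of an e-mail address.
HOST_RE = re.compile(r"(?:https?://|@)([a-z0-9.-]+)", re.I)

# Constructed sample input (mail headers and proxy log lines), not real telemetry.
SAMPLE = """\
From: "Help Desk" <support@crowdstrike-helpdesk.com>
Subject: Blue screen fix at https://crowdstrikebluescreen.com/fix
GET http://CrowdStrikeFix.com/download 200
GET https://www.crowdstrike.com/blog/ 200
GET https://crowdstrike.com.login.example/reset 200
GET https://example.org/news/crowdstrike-outage 200
"""


def is_official(host):
    """True for an allowlisted domain or one of its subdomains."""
    return any(host == d or host.endswith("." + d) for d in OFFICIAL)


def lookalike_hosts(text):
    """Return sorted hostnames that carry the brand name but are not official."""
    hits = set()
    for raw in HOST_RE.findall(text):
        host = raw.lower().strip(".-")
        if not host or is_official(host):
            continue
        # Hyphens are dropped so "crowd-strike" style spellings also match.
        if BRAND in host.replace("-", ""):
            hits.add(host)
    return sorted(hits)


if __name__ == "__main__":
    for h in lookalike_hosts(SAMPLE):
        print("review:", h)
```

The check compares the end of the hostname against the allowlist, so a host that merely starts with the official domain is still flagged, while a brand mention in a URL path on an unrelated site is ignored.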

But the scams don’t stop there. McAfee researchers found that the scams also involve companies affected by the outage, with “flights falsely rescheduled by scammers, cybercriminals impersonating banks to steal login information, and even retailers asking for alternative payment methods”. Of course, cybercriminals also use phishing, through an email, message or phone call that appears to come from a reliable company and informs victims of a computer problem: an excuse to ask them for remote access to their computer in order to steal important information, such as their passwords or banking information.

For its part, Bleeping Computer has spotted a fake update, dubbed CrowdStrike Hotfix, that is being spread on the web. It contains several viruses that take control of the machine remotely and erase all user data.

Computer Outage Scam: Businesses and Individuals Targeted

CrowdStrike “recommends that organizations ensure they communicate with CrowdStrike representatives through official channels and adhere to technical guidance provided by its support teams”, while McAfee invites Internet users “to remain very vigilant regarding unsolicited communications” and to “avoid clicking on suspicious links”.

A phishing email © Bleeping Computer

Remember that if you are ever the target of an online or SMS scam, immediately forward the message to Signal Spam, Pharos, or directly to 33700, the platform specialized in reporting scams. You can also report these fraudulent messages on the site internet-signalement.gouv.fr. Then block the sender’s number so as not to be bothered any more and delete the message in question.