NOTICE: Phishing Scams Related to CrowdStrike Global Outage
Some threat actors are pretending to be CrowdStrike support or other companies offering a solution to the problem, leading recipients to fake websites claiming to provide tech support or services.
Be cautious of fraudulent activities related to the global Windows system outage connected to CrowdStrike. Some threat actors are pretending to be CrowdStrike support or other companies offering a solution to the problem. They are sending phishing emails with subject lines such as “CrowdStrike Support” or “CrowdStrike Security,” leading recipients to fake websites that claim to offer tech support or services in return for fees or “donations.” Additionally, some threat actors are impersonating CrowdStrike support staff over phone calls.
Threats
Threat actors take advantage of the chaos during system outages by sending phishing emails. This is because recipients may be more likely to fall for these scams when dealing with system problems. The recipients, thinking they are being contacted by the company associated with the outage, may be more willing to pay fees or provide personal information.
These threat actors often ask for fees, usually in Bitcoin or through Paypal, or request donations to provide support or “fix” the problem.
In addition to these tactics, threat actors may try other common methods, such as tricking individuals into clicking a link that downloads malware or asking for remote access to their computers. This remote access allows threat actors to steal information from systems and accounts.
It’s important to also be cautious of “alternative solutions” shared online during these times. Some of these solutions may be malicious and intended to trick individuals into causing further issues with their systems or providing access to threat actors.
Detection
Be wary of any emails claiming to be from CrowdStrike, e.g., “CrowdStrike Support” or “CrowdStrike Security.” Also, watch out for emails or phone calls that claim to offer tech support or services to fix problems caused by the Windows outage related to CrowdStrike.
If you need assistance with your college-provided device, please contact our IT support.
Information for Users
Do not reply to suspicious emails, click links in them, or make payments or donations. Please report the email message and then delete it. If you receive a suspicious phone call, hang up. Please report the email message using the Phish Alert Button.
In general, the best protection for your devices is this: keep your software and apps up-to-date, do not click suspicious links in email, do not open shared documents or email attachments unless you are expecting them and trust the person who sent them, and only use secure, trusted networks. For more information, see Phishing & Scams.
Questions, Concerns, Reports
Please contact LITS Information Security through the helpdesk.
References
- Cyber criminals quickly exploit CrowdStrike chaos (The Register. 7/19/24)
- Don’t Fall for It: Hackers Pounce on CrowdStrike Outage with Phishing Emails (PC Mag, 7/19/24)
- Don’t Fall for CrowdStrike Outage Scams (WIRED, 7/19/24)
- Guidance for CrowdStrike Windows Outage (CIS, 7/19/24)
- Scam warning as fake emails and websites target users after outage (BBC, 7/19/24)
- Callback Malware Campaigns Impersonate CrowdStrike and Other Cybersecurity Companies (CrowdStrike Blog, 7/8/22)
