How to protect yourself from scams amid the CrowdStrike outage

TThe Microsoft IT outage that affected services worldwide on Friday was caused by a software update from third-party cybersecurity technology company CrowdStrike.

According to Microsoft, the outage – which continues to cause outages – affected 8.5 million Windows devices. While they note that this represents less than one percent of all Windows machines, the outage has taken down systems across the world, with online banking portals and air travel among the affected services.

The outage was not caused by a cyberattack, but concern has since grown so much CrowdStrike and government-affiliated agencies about how scammers are taking advantage of the disruption and resulting confusion surrounding malicious cyber activity.

America’s Cyber ​​Defense Agencythe United Kingdom National Cyber ​​Security Centerand Australia National Anti-Scam Center are among the organizations issuing warnings for consumers to be careful about scams at this time.

see more information: CrowdStrike’s Role in Microsoft’s IT Disruption, Explained

According to CrowdStrike Bloga “likely eCrime actor is using uppercase filenames on July 19, 2024,” specifically using a malicious ZIP file called “crowdstrike-hotfix.zip” to obtain customer data.

Here’s how you can protect yourself from scammers as outage disruptions continue to occur.

Be aware

You have already started this first step. Be aware of phishing scams that have emerged to capitalize on the CrowdStrike outage and do not download zip files or software from unknown sources claiming to help with the outage.

When receiving requests for personal information from unknown numbers, be alert and never share sensitive information with unverified sources.

The UK National Cyber ​​Security Center robust guidance sheet on how organizations and businesses can protect their employees from phishing. This guidance includes four layers of mitigation tactics, from employing anti-spoofing controls to ensuring employees are aware of what phishing looks like and the tactics used to trick users into handing over information or making unauthorized payments.

Go straight to official websites

David Brumley, a professor of electrical and computer engineering at Carnegie Mellon University, told TIME he saw a few different types of scam tactics over the weekend. The most prominent include malicious actors pretending to be CrowdStrike, offering help to businesses after the outage. He also noticed scammers pretending to be airlines and other organizations, again pretending to offer help to those affected. The best course of action, notes Brumley, is always to contact sales representatives directly.

“If you receive a message purporting to be from one of the [these businesses] If you feel uncomfortable, just call them directly,” says Brumley.

CrowdStrike has its own “Remediation and Guidance Hub” on his blog to help those affected, and Microsoft also has its own support page.

Make sure to contact these companies through their official pages and technical support rather than responding to text messages or emails. claiming to be sent by companies or affiliates.

Do not hurry

According to Catriona Lowe, vice president of Australian Competition and Consumer Commissionthese scammers often create “a sense of urgency that you need to do what they say to protect your computer and financial information.”

The best way to combat this is to slow down and ensure you don’t disclose personal details via text and email, especially to unverified sources.

Report the scam

Different countries have designated websites where you can report fraud. In Australia, people can go to Scam watch for more help. In the UK, those affected or concerned can email report@phishing.gov.uk. Meanwhile, in the US, people can report cases of fraud through Federal Trade Commission.

Check in with vulnerable friends and family

According to US National Institute on Agingelderly – generally defined as those over 65 years old—are often the target of scams. Where possible, talk to older friends and family to ensure they have the above tools and are aware of the increase in phishing scams as a result of the disruption.

Clare O’Neil, Australia’s Minister for Home Affairs and Minister for Cyber ​​Security, also pointed out the need to protect those most vulnerable to falling victim to fraud. In a series of posts shared on X (formerly Twitter) she said: “It is very important that Australians are extremely cautious about any unexpected texts, calls or emails claiming to be of assistance with this issue.” She went on to specify that people can help by “ensuring that vulnerable people, including elderly relatives, are extremely cautious at this time.”