Email Security Blog

As CrowdStrike Prompts a Global Tech Outage, Phishers Strike in Turn

Millions of companies worldwide are reeling from the major cyber outage caused by a faulty system update released by the cloud-based cybersecurity firm CrowdStrike. Slated by some as causing ‘global chaos’, the outage has impacted hospitals, police stations, airlines, banks, stock exchanges, consumers, and more.1

CrowdStrike provides antivirus software to Microsoft for its Windows devices and those affected by the outage received what is informally known as “the blue screen of death”, indicating the computer systems are down.

394 Blog INKY Blue Screen-1

According to CrowdStrike CEO, George Hurtz, "This was not a code update. This was actually an update of content. And what that means is there's a single file that drives some additional logic on how we look for bad actors, and this logic was pushed out and caused an issue only in the Microsoft environment specific to this bug that we had."2

Beware of Scammers Exploiting the CrowdStrike Global Outage 

INKY Blog 394 (1)While it was confirmed that the outages are not due to a security incident or cyberattack, cybercriminals are taking advantage of the chaos by targeting unsuspecting companies. Hackers are creating fake CrowdStrike domains in an attempt to deceive users and gain unauthorized access to sensitive information.

Phishers made quick work of setting up fraudulent websites that mimic legitimate CrowdStrike domains. These sites may look convincing, but their purpose is malicious. By tricking users into thinking they are accessing a legitimate CrowdStrike service, these cybercriminals aim to steal login credentials, distribute malware, or perpetrate other harmful activities. 

 

How to Protect Yourself Against CrowdStrike Phishers

There are several email security best practices that everyone should embrace until they become second-nature.

  1. Verify URLs: Always double-check the URL before entering any sensitive information. Official CrowdStrike domains typically end in “.crowdstrike.com.”
  2. Be Skeptical of Unsolicited Emails: Phishing emails are a common tactic. Be cautious of any unexpected emails that claim to be from CrowdStrike, especially those urging immediate action.
  3. Enable Multi-Factor Authentication (MFA): Adding an extra layer of security can help protect your accounts, even if your credentials are compromised.
  4. Update Security Measures: Ensure your security software is up-to-date and continuously monitor it for any unusual activities.

  

What to Do if You’ve Been Phished in a CrowdStrike Email Scam

If you suspect you’ve encountered a fake CrowdStrike domain or received a phishing email, report it immediately to your IT department and to CrowdStrike’s official support channels. Taking swift action can help mitigate potential damage and prevent further exploitation. 

 

As always, stay vigilant during this period of disruption, and always prioritize security best practices to protect your company from potential threats. 

 

About INKY

Investing in the type of technology you need to protect you and your company from phishing attacks is no longer something that should be considered optional.   INKY is the industry’s best solution for the security of your email. Cost-effective and powerful, INKY can be implemented quickly, regardless of whether your employees work at the office or remotely. Uniquely effective at catching phishing attacks, INKY uses computer vision, artificial intelligence (AI), and machine learning, to search for signs of fraud. It works on any device - including mobile - and places highly visible warning banners directly in the email.

Learn more about INKY and schedule a free demonstration today.

 

----------------------

INKY is an award-winning, behavioral email security platform that blocks phishing threats, prevents data leaks, and coaches users to make smart decisions. Like a cybersecurity coach, INKY signals suspicious behaviors with interactive email banners that guide users to take safe action on any device or email client. IT teams don’t face the burden of filtering every email themselves or maintaining multiple systems. Through powerful technology and intuitive user engagement, INKY keeps phishers out for good. Learn why so many companies trust the security of their email to INKY. Request an online demonstration today.

 

1Source: https://abcnews.go.com/US/american-airlines-issues-global-ground-stop-flights/story?id=112092372

2Source: https://www.cbsnews.com/news/what-is-crowdstrike-global-microsoft-outage/

 

Topics: