Scammers use CrowdStrike outage to target victims

COLUMBUS, Ohio (WCMH) – Cybersecurity experts and agencies around the world have issued warnings about a wave of hacking attempts linked to last week’s CrowdStrike outage.

CrowdStrike said the outage was caused by a faulty software update; there is no evidence of malicious activity related to the outsage itself. But some bad actors are exploiting the situation for their own gain.

The U.S. Cybersecurity and Infrastructure Security Agency warned consumers to be mindful of phishing attempts connected to the outage. CrowdStrike also put out a warning in a blog post after the firm received reports that scammers are impersonating CrowdStrike employees in fake emails and phone calls, or posing as independent researchers, claiming to have evidence that the technical issue is linked to a cyberattack, then "selling" bogus software to fix the glitch, or asking in-depth questions to retrieve personal information.

"And, typically with these scams, a key telltale is urgency," said Neal O'Farrell, an award-winning cybersecurity expert and founder of The Center for AI Crime.

O'Farrell said the tactics these scammers use are nothing new, but there is a lot of uncertainty around the outage for everyday consumers; adding that a situation like this, where people are searching for information and are hungry for solutions, can mislead well-intentioned people into taking the wrong steps such as giving up sensitive information, a Social Security number, or financial information.

"So, if this is a sense of urgency and they're asking you to do things that just don't feel right, take a breath, take a moment, double check,” O'Farrell said.

On its website, CrowdStrike posted a list of fake sites being used to impersonate the firm, and also offered additional resources and regularly updated information.