
Fake Websites, Phishing Appear in Wake of CrowdStrike Outage

Authorities Warn About Domains Targeting Victims Seeking to Restore Windows Devices

Cybercriminals are wasting no time in exploiting the chaos created by the CrowdStrike outage.


Within a day of the global outage linked to a faulty CrowdStrike software update that left Windows systems displaying the dreaded "blue screen of death," cybercriminals launched deceptive websites with domain names that include keywords such as "CrowdStrike" and "blue screen." Hackers are hoping to attract unsuspecting users searching for IT fixes for the outage, according to CISA, other government agencies and security researchers.

These fake sites often promise quick fixes or falsely offer cryptocurrency rewards to lure visitors into accessing malicious content.

George Kurtz, CEO of CrowdStrike, emphasized the importance of using official communication channels and urged customers to be wary of imposters. "Our team is fully mobilized to secure and stabilize our customers' systems," Kurtz said, noting the significant increase in phishing emails and phone calls impersonating CrowdStrike support staff.

Imposters have also posed as independent researchers selling fake recovery solutions, further complicating efforts to resolve the outage.

Rachel Tobac, founder of SocialProof Security, warned about social engineering threats in a series of tweets on X, formerly Twitter. "Criminals are exploiting the outage as cover to trick victims into handing over passwords and other sensitive codes," Tobac warned.

She advised users to verify the identity of anyone requesting sensitive information.

The surge in malicious activity in the wake of the outage follows a common tactic used by cybercriminals: exploiting chaotic situations. Cybersecurity firm SentinelOne reported seeing threat actors use social engineering, phishing attempts, credential theft, deepfake video and voice calls, and false information to capitalize on the outage.

CISA said it is working closely with CrowdStrike and federal, state, and international partners to address the crisis. In a statement, CISA reiterated the importance of avoiding phishing emails and suspicious links, which can lead to email compromise and other scams.

The U.K.'s National Cyber Security Center also warned about an increase in phishing attacks. "Note that an increase in phishing referencing this outage has already been observed, as opportunistic malicious actors seek to take advantage of the situation," the agency said.

Cyber campaigns may be aimed at both organizations and individuals. Organizations should review NCSC guidance to make sure that multilayer phishing mitigations are in place, while individuals should be alert to suspicious emails or messages on this topic and know what to look for.

"While the CrowdStrike outage was not caused by a cyberattack, threat actors are capitalizing on the incident to conduct phishing and other malicious activities," CISA said.

Deceptive domains, including crowdstriketoken.com, crowdstrikedown.site, and crowdstrike-helpdesk.com, have already emerged, targeting individuals desperate to restore their systems. The urgency created by the outage has made potential victims more susceptible to scams.
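The keyword pattern in these domain names lends itself to a simple triage check over DNS resolver logs. The sketch below is an added example, not code from the article or from CrowdStrike; the log format, the allowlist contents and the sample lines are constructed assumptions.

```python
import re

# Assumption: allowlist of genuine vendor domains maintained by the defender.
OFFICIAL_DOMAINS = {"crowdstrike.com"}
# Keywords the article reports in the deceptive domain names.
KEYWORDS = ("crowdstrike", "bluescreen")

QUERY_RE = re.compile(r"\bquery=(\S+)")
CLIENT_RE = re.compile(r"\bclient=(\S+)")

def is_official(host):
    """True for an allowlisted domain or any subdomain of one."""
    return any(host == d or host.endswith("." + d) for d in OFFICIAL_DOMAINS)

def matched_keyword(host):
    """Return the outage keyword found in host (hyphens ignored), else None."""
    squashed = re.sub(r"[^a-z0-9.]", "", host)
    return next((k for k in KEYWORDS if k in squashed), None)

def flag_lookalikes(log_lines):
    """Return (client, host, keyword) for each query that needs review."""
    hits = []
    for line in log_lines:
        m = QUERY_RE.search(line)
        if not m:
            continue  # not a query record
        host = m.group(1).lower().rstrip(".")  # normalise case, trailing dot
        if is_official(host):
            continue
        kw = matched_keyword(host)
        if kw:
            c = CLIENT_RE.search(line)
            hits.append((c.group(1) if c else "?", host, kw))
    return hits

# Constructed sample resolver log lines (hypothetical format).
SAMPLE_LOG = [
    "2024-07-20T09:14:02Z client=10.0.0.12 query=crowdstrike-helpdesk.com type=A",
    "2024-07-20T09:14:05Z client=10.0.0.12 query=www.crowdstrike.com. type=A",
    "2024-07-20T09:15:40Z client=10.0.0.31 query=CrowdStrikeToken.com type=A",
    "2024-07-20T09:16:11Z client=10.0.0.44 query=fix-blue-screen.example type=A",
    "2024-07-20T09:17:30Z client=10.0.0.44 query=crowdstrike.com.login.example type=A",
    "2024-07-20T09:18:02Z client=10.0.0.50 query=intranet.example type=A",
]

if __name__ == "__main__":
    for client, host, kw in flag_lookalikes(SAMPLE_LOG):
        print(f"{client} -> {host} (keyword: {kw})")
```

The suffix comparison in `is_official` is what catches a host such as `crowdstrike.com.login.example`, where the genuine domain appears only as leading labels of an unrelated domain.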

CrowdStrike issued guidance to affected organizations, emphasizing the importance of communicating with official representatives and adhering to technical advice provided by their support teams. The company has also published a list of fraudulent domains to help users identify and avoid potential scams.

As the global tech community works to recover from the disruption, the collaborative efforts between CISA, CrowdStrike and other cybersecurity partners aim to mitigate the impact of these malicious activities.

Users are urged to remain vigilant, verify the authenticity of any communications related to the outage and rely on trusted sources for guidance.


About the Author

Prajeet Nair

Assistant Editor, Global News Desk, ISMG

Nair previously worked at TechCircle, IDG, Times Group and other publications, where he reported on developments in enterprise technology, digital transformation and other issues.



