Phishing Scams Related to CrowdStrike/Global Outage
This notice is intended for U-M IT leadership and the Security Community. Please be aware of CrowdStrike support scams and share this information with faculty and staff in your unit.
Summary
Threat actors are exploiting the global Windows systems outage related to CrowdStrike by posing as CrowdStrike support or other companies that can “fix” the problem. They are sending phishing emails with subject lines such as “CrowdStrike Support” or “CrowdStrike Security” that direct recipients to fraudulent websites that purport to provide tech support or services in exchange for fees or “donations.” Some threat actors have also made phone calls posing as CrowdStrike support staff.
Threats
Threat actors take advantage of the chaos of system outages by sending phishing emails because recipients may be more susceptible to falling for them. Recipients may be more likely to pay fees or provide personal information, particularly if they believe they are being contacted by the company associated with the outage.
Threat actors ask for fees (often in bitcoin or through PayPal) or donations to provide support or “fix” the problem.
It is possible that threat actors could employ other common tactics, such as asking an individual to click a link that downloads malware to their system. Another tech support scam tactic is to ask the person to grant remote access to their computer, which enables the threat actor to access systems and account information.
In addition to targeted phishing emails, it is important to be wary of “alternative solutions” shared online. Some of them may be malicious and intended to trick individuals into creating further issues with their systems or providing access to threat actors.
Detection
Be wary of any emails claiming to be from CrowdStrike, e.g., “CrowdStrike Support” or “CrowdStrike Security.” Also watch out for emails or phone calls that claim to offer tech support or services to fix problems caused by the Windows outage related to CrowdStrike.
If you need assistance for your university-provided device, please contact your local IT support.
Information for Users
Do not reply to suspicious emails, click links in them, or make payments or donations. Please report the email message and then delete it. If you receive a suspicious phone call, hang up.
Please send the entire email message or a description of a suspicious phone call to [email protected]. Learn more about how to Report Phishing & Email Abuse.
In general, the best protection for your devices is this: keep your software and apps up-to-date, do not click suspicious links in email, do not open shared documents or email attachments unless you are expecting them and trust the person who sent them, and only use secure, trusted networks. For more information, see Phishing & Scams, Secure Your Devices, and Secure Your Internet Connection on the U-M Safe Computing website.
Questions, Concerns, Reports
Please contact ITS Information Assurance through the ITS Service Center.
References
- Cyber criminals quickly exploit CrowdStrike chaos (The Register, 7/19/24)
- Don’t Fall for It: Hackers Pounce on CrowdStrike Outage with Phishing Emails (PC Mag, 7/19/24)
- Don’t Fall for CrowdStrike Outage Scams (WIRED, 7/19/24)
- Guidance for CrowdStrike Windows Outage (CIS, 7/19/24)
- Scam warning as fake emails and websites target users after outage (BBC, 7/19/24)
- Callback Malware Campaigns Impersonate CrowdStrike and Other Cybersecurity Companies (CrowdStrike Blog, 7/8/22)