How to protect yourself from scams after the CrowdStrike outage

Event planners beware: There’s been a sharp increase in phishing scams following the global IT outage.

When unsuspecting users key in their banking or personal data to malicious sites, hackers can use this information for nefarious purposes. Photo Credit: Adobe Stock/nateejindakum

Traffic on the internet’s superhighway ground to a halt last week when the world experienced a global IT outage, caused by a software update from CrowdStrike, one of the world’s largest security vendors.

To say the outage caused chaos would be an understatement: flights were cancelled, global services disrupted, and broadcasters unable to go on-air. But that wasn’t all – the outage was a golden opportunity for malicious activity. Over 40 phishing and phony lookalike domains were created in the first 24 hours of the outage.

“In the early hours of July 19, scammers began trying to lure victims into various scams,” said Abhilash Garimella, vice president of Research at Bolster, an AI startup that specialises in multi-channel phishing protection. “Within the first 24 hours, more than 40 typosquat domains were targeting CrowdStrike users and had been added to the CheckPhish site.”

Typosquats, or lookalike domains, are domains that hackers register under deliberately misspelled names of well-known websites. Users who do not realise they are visiting a fake website may be tricked into entering sensitive information, such as their username and password or their bank or credit card details.

How do you keep a lookout for scams?

In the wake of these heightened risks, Garimella has shared the following tips for organisations to protect themselves and their employees:

  1. Security teams should add the list of typosquat domains to their email security and web security gateway blocklists to prevent business email compromise (BEC) attacks or phishing emails to employees.
  2. Double-check URLs and domains before entering information, especially if they were sent via an email or an SMS.
  3. Search Google or Bing for official contact or support channels. CrowdStrike and Microsoft have official support channels and phone numbers on their websites.
  4. Be cautious before accepting unsolicited help via email or phone. It is nearly impossible to distinguish between real help and a tech support scam.
  5. If you encounter a phishing page or a scam call, report it to your company's IT department and CrowdStrike's website, if applicable. Add the scam to an active list, and raise community awareness of it.
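
For security teams acting on tip 1, the sketch below shows one way to triage domains seen in mail or proxy logs for CrowdStrike lookalikes before they go on a blocklist. It is an added example, not code from Bolster, CheckPhish or CrowdStrike; the official-domain allowlist, the distance threshold and the sample domains are assumptions made for illustration.

```python
import re

BRAND = "crowdstrike"
OFFICIAL = {"crowdstrike.com"}  # assumption: domains the organisation trusts
# Digit/symbol-for-letter swaps folded back to letters before comparison.
HOMOGLYPHS = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s", "$": "s"})

def edit_distance(a, b):
    """Levenshtein distance between two strings."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify(domain, brand=BRAND, max_dist=2):
    """Return why `domain` looks like a lookalike of `brand`, or None."""
    d = domain.strip().lower().rstrip(".")
    if any(d == o or d.endswith("." + o) for o in OFFICIAL):
        return None  # the official domain or one of its subdomains
    for label in d.split(".")[:-1]:  # every label except the TLD
        if brand in label.replace("-", ""):
            return "brand-keyword"  # brand plus extra words, or used as a subdomain
        norm = label.translate(HOMOGLYPHS)
        if brand in norm.replace("-", ""):
            return "homoglyph"  # brand spelled with look-alike digits
        for token in re.split(r"[-_]", norm):
            if edit_distance(token, brand) <= max_dist:
                return "near-miss-spelling"  # a letter swapped, dropped or added
    return None

def review_queue(domains):
    """Map each suspicious domain to its reason, for blocklist review."""
    return {d: r for d in domains if (r := classify(d))}

# Constructed sample input; .example is a reserved TLD, so none of these are real indicators.
SAMPLE = [
    "crowdstrike.com", "support.crowdstrike.com", "eventplanner.example",
    "crowdstrike-hotfix.example", "crowdstrike.com.example",
    "cr0wdstrike.example", "crowdstrlke-support.example",
]

if __name__ == "__main__":
    for domain, reason in review_queue(SAMPLE).items():
        print(f"{reason:20} {domain}")
```

Matches are candidates for human review rather than automatic blocks, since a legitimate partner or news site can also carry the brand name in its domain.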