How to Protect Yourself from CrowdStrike Crash Scams

How to Protect Yourself from CrowdStrike Crash Scams

In the hours after US cybersecurity firm CrowdStrike deployed a flawed software update that shut down major businesses and services around the world, scammers struck.

Government agencies and companies are warning that the panic caused by Friday’s CrowdStrike crash is creating an opportunity for criminals to take advantage of customers looking to rebook their flights, access their banking information or fix their technology.

Here are some ways to protect yourself from fraudulent practices.

Scammers see their opportunity.

CrowdStrike provides cybersecurity for about 70 percent of the Fortune 100. The crash caused widespread disruptions, grounding planes, shutting down businesses, disrupting emergency services and delaying banking transactions.

Online thieves are using the confusion to carry out various scams, including phishing attempts, according to the U.S. Cybersecurity and Infrastructure Security Agency. The U.K.’s National Cyber ​​​​Security Center issued a similar statement, saying it “has already seen an increase in phishing activity referencing this outage.”

Scammers may try to get your money directly by offering a product such as a fake airline ticket, or they may be after personal identification information that will give them access to your finances in the future.

Which sectors does it target?

According to Anton Dahbura, director of the Information Security Institute at Johns Hopkins University, frustrated customers have been scrambling to find new flights due to grounded planes, fueling the travel industry’s scams.

For example, suspicious social media accounts with fewer than five followers have posed as airline support staff. The accounts respond on social media to customers seeking assistance from airlines.

One of these accounts, which posts under the name @EasyJetHlpdek, joined the social platform X this month and began replying to messages from travellers on Friday.

“Please do something about all these @Delta scam accounts,” one social media user posted. “They are making a technical problem worse by trying to fraudulently redirect customers to DMs.”

Some airlines have acknowledged the phishing attempts.

JetBlue responded to a post on X about fraudulent accounts by writing that the company “is aware of the impersonation accounts and is reporting them in the hopes that Twitter will track them down.”

The cybersecurity sector also appears to be a target for fraud.

CrowdStrike said on its blog that it was aware of groups impersonating CrowdStrike Support. These groups send users files to download with the promise that once they are opened, they will fix the crash. Instead, the files contain malware.

Because the impact of the crash is so great, few industries are safe.

“It could be anything, unfortunately,” Dahbura said. “It could be anything, anyone, at any time.”

This is how you recognize fraud.

Scammers often ask for information that a verified company already knows about you, or for details that the company doesn’t need at all, Dahbura said.

On social media, Delta’s verified X account asked customers who had trouble with their flights to message the company’s account with their full name, confirmation number, travel cities and travel dates.

This information is less sensitive than asking for someone’s date of birth, home address, or social security number, which a fraudulent account would ask for.

Poor grammar and spelling on social media and in texts and emails can also be a sign of a fraudulent account. Also check the location where a call or message is coming from, but keep in mind that it is often difficult to spot scammers.

“They’ve become incredibly smart,” Dahbura said.

Don’t give in to the impulse to want to do something quickly.

Think twice before giving your personal information to someone over the phone and look carefully at any link before giving out your credit card information for an online purchase.

During a disruption on the scale caused by the CrowdStrike crash, customers may feel desperate. That desperation, in turn, can fuel demand for a quick fix.

While it may take longer to get a response from a verified company, Dahbura says it’s better to take the extra time than risk a potentially bogus offer of help.

“There’s a balance between being cautious and being paranoid,” he said, “and you almost have to be on the edge of paranoid.”

Published July 21, 2024, 03:23 IST