The Australian Competition and Consumer Commission’s (ACCC) National Anti-Scam Centre (NASC) is warning small businesses of potential scams in the wake of the global CrowdStrike and Microsoft outage.
The NASC is advising both businesses and individuals to be cautious with unsolicited calls, emails, or messages advising the download of software patches or requesting remote access to fix or protect computers affected by the outage.
“Criminals look to take advantage of incidents like this CrowdStrike outage, creating a sense of urgency that you need to do what they say to protect your computer and your financial information,” ACCC deputy chair, Catriona Lowe, said.
โAnyone can be scammed, so it is important to be wary of any unsolicited contact that purports to provide assistance in the aftermath of a major event like this.”
The NASC advises not to rush into downloading anything or providing personal or financial information.
Instead, you should verify the identity of the person or organisation by calling their IT support or financial institution using independently sourced contact information.
If you have already disclosed information or provided access to a third party and are concerned it was a scam, contact your bank immediately and report the incident to Scamwatch.
Home Affairs Minister Clare O’Neil also warned businesses to be vigilant against potential scams.
โSome small businesses, in particular some individuals, are receiving emails from people who are pretending to be CrowdStrike, or who are pretending to be Microsoft and are indicating that you need to put in bank details to get access to a reboot, that you need to pay money, that you need to put your personal details in so that your systems can be brought back online,” Minister O’Neill said.
“Could I ask all Australians to be really cautious over the next few days about attempts to use this for scamming or phishing?
“Have a look at the communication that you’ve just received and just ask does it make sense for you. Your bank is not going to ask you to put your bank details in. If you’re -โ you know, if you’re not a CrowdStrike customer as far as you’re aware, you do not need to reboot your systems, so just have a think about whether it makes sense.”
Minister O’Neill also urged people to look after vulnerable individuals, including elderly relatives, and to report any suspicious emails, texts, or calls to Scamwatch.
CrowdStrike has also acknowledged the dangers of exploitation at this time.
โWe know that adversaries and bad actors will try to exploit events like this. I encourage everyone to remain vigilant and ensure that you’re engaging with official CrowdStrike representatives,โ CrowdStrike CEO, George Kurtz, said.
Scams have been exponentially on the rise in recent years, with a recent report showing Australians lost $2.74 billion to scams in 2023.
What was the CrowdStrike and Microsoft outage?
These scam warnings come as a result of a global IT disruption caused by a corrupted software update from cybersecurity firm CrowdStrike.
The faulty update triggered a logic error resulting in system crashes and blue screens of death (BSOD) on affected systems.
The update, released on July 19, affected approximately 8.5 million computers globally. This also affected flights, news broadcasts and access to essential services such as healthcare and banking. Grocery stores such as Woolworths and Coles were also affected, with some closing on Friday.
โWeโre working around the clock and providing ongoing updates and support. CrowdStrike has helped us develop a scalable solution that will help Microsoftโs Azure infrastructure accelerate a fix for CrowdStrikeโs faulty update,” David Weston, Microsoftโs vice president, said over the weekend.
Microsoft estimates that the update affected less than 1% of all Windows machines worldwide, but the broad economic and societal impacts were significant due to the critical services run by many enterprises using CrowdStrike.
Minister O’Neil highlighted the extensive efforts to mitigate the impact of the outage.
โThere has been a huge amount of work over this weekend to get the economy back up and running… however, it will take time until all affected sectors are completely back online. In some cases, we may see teething issues for one or two weeks,” Minister O’Neill said.
Never miss a story: sign up toย SmartCompanyโsย free daily newsletterย and find our best stories onย LinkedIn.
Comments