Protecting Yourself From Scams After the CrowdStrike-Related Microsoft Outage

The Microsoft IT outage that affected services globally on Friday was caused by a software update from a third-party cybersecurity firm, CrowdStrike.

The outage, which continues to cause disruption, affected 8.5 million Windows devices. Although this represents less than one percent of all Windows machines, the outage crashed systems worldwide, impacting online banking portals and air travel, among other services.

While the outage was not caused by a cyberattack, concerns have grown from both cybersecurity firms and government-affiliated agencies about how scammers are exploiting the outage and the resulting confusion around malicious cyber activity.

The U.K.’s National Cyber Security Centre and Australia’s Australian Cyber Security Centre are among the organizations issuing warnings for consumers to be wary of scams during this time.

According to CrowdStrike, a “likely eCrime actor is using file names capitalizing on July 19, 2024,” specifically utilizing a malicious ZIP archive named “crowdstrike-hotfix.zip” to steal data from customers.

Here’s how you can protect yourself from scammers as disruptions from the outage continue to unfold.

Be alert

You’ve already begun this first step. Be aware of phishing scams that have emerged to capitalize on the CrowdStrike outage and do not download ZIP files or software from unknown sources claiming to help with the outage.

When receiving requests for personal information from unknown numbers, be cautious and never share sensitive information with unverified sources.

The U.K.’s National Cyber Security Centre has a sheet for how organizations and businesses can protect their employees from phishing. This guidance includes four layers of mitigation tactics, from employing anti-spoofing controls to ensuring employees are aware of what phishing looks like and the tactics used to trick users into handing over information or making unauthorized payments.

Go straight to official websites

David Brumley, a professor of electrical and computer engineering at Carnegie Mellon University, tells TIME he has witnessed a few different types of scam tactics over the weekend. The most prominent of these include malicious actors pretending to be CrowdStrike, offering to help businesses after the outage. He’s also noticed scammers pretending to be airlines and other organizations, again pretending to offer help to those impacted. The best course of action, Brumley notes, is always to contact business representatives directly.

“If you get a text that purports to be from one of [these businesses] and you feel uncomfortable, always just call them directly,” Brumley says.

CrowdStrike has its own to help those affected, and Microsoft also has its own

Be sure to contact these companies via their official pages and help desks, rather than by responding to texts or emails claiming to be sent from the companies or affiliated parties.

Don’t rush

According to Catriona Lowe, deputy chair of the , these scammers often create “a sense of urgency that you need to do what they say to protect your computer and your financial information.” 

The best way to combat this is to slow down and ensure that you are not giving out personal details over text and email, especially to unverified sources.

Report the scam

Different countries have designated websites where you can report scams. In Australia, people can head to for further help. In the U.K., those impacted or concerned can send an email to . Meanwhile, in the U.S., people can report instances of fraud via the .

Check in with vulnerable friends and family members

According to the , older adults—defined generally as those —are often the target of scams. When possible, check in with older friends and family to ensure that they have the above tools and are aware of the rise in phishing scams as a result of the outage.

Clare O’Neil, Australia’s Minister for Home Affairs and Minister for Cyber Security, has also pointed out the need to protect those most vulnerable to falling victim to scams. In she said: “It is very important that Australians are extremely cautious of any unexpected texts, calls or emails claiming to be assistance with this issue.” She continued by specifying that people can help by “making sure vulnerable people, including elderly relatives, are being extra cautious at this time.”