
CrowdStrike and Microsoft outage sparks scam warnings from ACCC and the government

The ACCC’s National Anti-Scam Centre has warned small businesses of scams in the wake of the global CrowdStrike and Microsoft outage.
Tegan Jones

The Australian Competition and Consumer Commission’s (ACCC) National Anti-Scam Centre (NASC) is warning small businesses of potential scams in the wake of the global CrowdStrike and Microsoft outage.

The NASC is advising both businesses and individuals to be cautious with unsolicited calls, emails, or messages advising the download of software patches or requesting remote access to fix or protect computers affected by the outage.

“Criminals look to take advantage of incidents like this CrowdStrike outage, creating a sense of urgency that you need to do what they say to protect your computer and your financial information,” ACCC deputy chair, Catriona Lowe, said.

“Anyone can be scammed, so it is important to be wary of any unsolicited contact that purports to provide assistance in the aftermath of a major event like this.”

The NASC advises not to rush into downloading anything or providing personal or financial information.

Instead, you should verify the identity of the person or organisation by calling their IT support or financial institution using independently sourced contact information.

If you have already disclosed information or provided access to a third party and are concerned it was a scam, contact your bank immediately and report the incident to Scamwatch.

Home Affairs Minister Clare O’Neil also warned businesses to be vigilant against potential scams.

“Some small businesses, in particular some individuals, are receiving emails from people who are pretending to be CrowdStrike, or who are pretending to be Microsoft and are indicating that you need to put in bank details to get access to a reboot, that you need to pay money, that you need to put your personal details in so that your systems can be brought back online,” Minister O’Neil said.

“Could I ask all Australians to be really cautious over the next few days about attempts to use this for scamming or phishing?

“Have a look at the communication that you’ve just received and just ask does it make sense for you. Your bank is not going to ask you to put your bank details in. If you’re - you know, if you’re not a CrowdStrike customer as far as you’re aware, you do not need to reboot your systems, so just have a think about whether it makes sense.”

Minister O’Neil also urged people to look after vulnerable individuals, including elderly relatives, and to report any suspicious emails, texts, or calls to Scamwatch.

CrowdStrike has also acknowledged the dangers of exploitation at this time.

“We know that adversaries and bad actors will try to exploit events like this. I encourage everyone to remain vigilant and ensure that you’re engaging with official CrowdStrike representatives,” CrowdStrike CEO, George Kurtz, said.

Scams have been exponentially on the rise in recent years, with a recent report showing Australians lost $2.74 billion to scams in 2023.

What was the CrowdStrike and Microsoft outage?

These scam warnings come as a result of a global IT disruption caused by a corrupted software update from cybersecurity firm CrowdStrike.

The faulty update triggered a logic error resulting in system crashes and blue screens of death (BSOD) on affected systems.

The update, released on July 19, affected approximately 8.5 million computers globally. This also affected flights, news broadcasts and access to essential services such as healthcare and banking. Grocery stores such as Woolworths and Coles were also affected, with some closing on Friday.

“We’re working around the clock and providing ongoing updates and support. CrowdStrike has helped us develop a scalable solution that will help Microsoft’s Azure infrastructure accelerate a fix for CrowdStrike’s faulty update,” David Weston, Microsoft’s vice president, said over the weekend.

Microsoft estimates that the update affected less than 1% of all Windows machines worldwide, but the broad economic and societal impacts were significant due to the critical services run by many enterprises using CrowdStrike.

Minister O’Neil highlighted the extensive efforts to mitigate the impact of the outage.

“There has been a huge amount of work over this weekend to get the economy back up and running… however, it will take time until all affected sectors are completely back online. In some cases, we may see teething issues for one or two weeks,” Minister O’Neil said.
