Consumers beware: CrowdStrike outage sparks scam concerns

The global outage triggered by a botched software update from CrowdStrike on Friday last week has led to an increased risk of consumer scams.

The widespread cyber outage hit media, retailers, banks and airlines, affecting Windows devices leading to “a system crash and ‘blue screen of death’ (BSOD) on impacted systems”, according to CrowdStrike.

While CrowdStrike's co-founder and CEO George Kurtz confirmed on X (formerly Twitter) “this is not a security incident or cyberattack”, the ongoing incident has resulted in Australia’s top security and regulator entities calling consumers to stay alert for scams.

The country's cyber intelligence agency, Australian Signals Directorate (ASD), released a consumer warning on Saturday stating it “strongly encourages all consumers to source their technical information and updates” from official CrowdStrike sources.

It also warned “a number of malicious websites and unofficial code are being released claiming to help entities recover from the widespread outages caused by the CrowdStrike technical incident.”

Minister for home affairs and cyber security, Clare O’Neil said via LinkedIn, “It is very important that Australians are extremely cautious of any unexpected texts, calls or emails claiming to be assistance with this issue.

“You can help by making sure vulnerable people, including elderly relatives, are being extra cautious at this time. Report any suspicious communications through Scamwatch,” O’Neil said.

The National Anti-Scam Centre, run by the Australian Competition and Consumer Commission (ACCC) also launched its own warning, cautioning consumers and small businesses to be wary of all communications.

The organisation warned of any “unsolicited calls, emails or messages requesting they download a software patch or provide remote access to fix or protect their computer from the CrowdStrike/Microsoft outage.”

ACCC Deputy Chair Catriona Lowe said, “Criminals look to take advantage of incidents like this CrowdStrike outage, creating a sense of urgency that you need to do what they say to protect your computer and your financial information,”

“Anyone can be scammed, so it is important to be wary of any unsolicited contact that purports to provide assistance in the aftermath of a major event like this,” Lowe said.

Many banks have released statements as well including ANZ Banking Group, warning “downloading unsolicited software can give scammers access to your computer, including your bank accounts.”

The Commonwealth Bank of Australia reminded customers that while it is still monitoring impacts from the third-party technology outage, it “will never ask for your NetBank Client ID, password, NetCode or to log in directly from an SMS or email.”

A CBA spokesperson told Digital Naiton, "In relation to the global technology outage - CommBank services were and remain available including NetBank, the CommBank app, CommBiz, merchant payments and our ATMs.

"There was a temporary industry-wide issue with making PayID payments, so CBA informed customers of the alternative ways they could transfer funds. This matter was quickly rectified.

"We know scammers are using this outage to their advantage, so we have proactively reached out to our customers over the weekend to provide information on phishing scams and how they can protect themselves," the spokesperson added. 

A NAB spokesperson told Digital Nation that “all of NAB’s customer systems (Internet Banking, NAB app, ATMs, etc) have been working as normal.”.

“NAB has issued an alert to ensure customers remain vigilant to unsolicited calls, emails or messages,” the spokesperson said.

Register for our Digital As Usual breakfast event this Wednesday, August 7th at the Establishment Ballroom in Sydney. Click here to register and secure your place.

We'll be hearing insights from across HR, marketing and finance plus unveil our 'Digital As Usual' report.