Bolster detects spike in malicious activity following CrowdStrike incident

July 22, 2024
More than 40 phishing and phony lookalike domains were created in the first 24 hours following the CrowdStrike software incident.

Bolster today announced that its free CheckPhish site has detected a spike in malicious activities. More than 40 phishing and phony lookalike domains were created in the first 24 hours following the CrowdStrike software incident.

CheckPhish is a free, real-time URL scanner that uses an array of machine learning algorithms to determine whether a site is malicious. Since its inception in 2018, it has scanned more than 6.5 billion URLs. With CheckPhish, you can scan suspicious URLs and monitor for typosquats and lookalike variants of a domain.

"We have been watching the reality behind the CISA's warning play out in real-time. In the early hours of July 19, scammers began trying to lure victims into various scams. Within the first 24 hours, more than 40 typosquat domains were targeting CrowdStrike users and had been added to the CheckPhish site," said Abhilash Garimella, vice president of Research at Bolster. "A typosquat, or lookalike domain, resembles a legitimate domain but with variations, such as common misspellings or additional characters. These domains are meant to deceive users into believing they are visiting a trusted site when, in fact, they are being redirected to a fraudulent one."

Bolster has identified multiple types of phishing scams already, from malicious domains offering technical or legal support to CrowdStrike crypto tokens and sites still under construction. The CheckPhish community has created a growing list of 'CrowdStrike' typosquats that can be found here.

5 Tips to Protect Organizations and Employees

  1. Security teams should add the list of typosquat domains to their email security and web security gateway blocklists to block business email compromise (BEC) attacks or phishing emails sent to employees.
  2. Double-check URLs and domains before entering information, especially if they were sent via an email or an SMS.
  3. Use a Google or Bing search to find official contact or support channels. CrowdStrike and Microsoft have official support channels and phone numbers on their websites: crowdstrike.com and microsoft.com.
  4. Be cautious before accepting unsolicited help via email or phone. It is nearly impossible to distinguish between real help and a tech support scam.
  5. If you encounter a phishing page or a scam call, report it to your company's IT department and CrowdStrike's website. Add the scam to the active list here, and raise community awareness of it.
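
For tips 1 and 2, a defender can also triage hostnames seen in mail or proxy logs for the two variations described above (additional characters and common misspellings). The sketch below is an added example, not Bolster's or CheckPhish's detection method; the edit-distance threshold, the category names and the `.example` hostnames are assumptions constructed for illustration.

```python
import re

BRAND = "crowdstrike"            # brand label being protected
OFFICIAL = {"crowdstrike.com"}   # official domain named in tip 3
MAX_EDITS = 2                    # assumed threshold for a "common misspelling"

def edit_distance(a, b):
    """Levenshtein distance (insert, delete, substitute), computed row by row."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify(host):
    """Return 'official', 'added-characters', 'misspelling' or 'unrelated'."""
    labels = host.lower().rstrip(".").split(".")
    # Simplification: the last two labels stand in for the registrable domain
    # (a production check would consult the public suffix list).
    if ".".join(labels[-2:]) in OFFICIAL:
        return "official"
    # Additional characters: the brand appears intact inside a label, hyphens ignored.
    if any(BRAND in re.sub(r"[^a-z0-9]", "", label) for label in labels):
        return "added-characters"
    # Misspelling: a label, or one hyphen-separated part of it, is a near miss.
    for label in labels:
        for token in {label.replace("-", ""), *label.split("-")}:
            if (abs(len(token) - len(BRAND)) <= MAX_EDITS
                    and edit_distance(token, BRAND) <= MAX_EDITS):
                return "misspelling"
    return "unrelated"

def lookalikes(hosts):
    """Map each suspicious host to its category, for blocklist review."""
    return {h: c for h in hosts
            if (c := classify(h)) in ("added-characters", "misspelling")}

# Constructed sample hostnames under the reserved .example TLD.
SAMPLE_HOSTS = [
    "www.crowdstrike.com", "crowdstrike-helpdesk.example",
    "crowdstrike.com.login.example", "crowdstr1ke.example",
    "crowdstike-fix.example", "mail.example.org",
]

if __name__ == "__main__":
    for host, category in lookalikes(SAMPLE_HOSTS).items():
        print(f"{category:17} {host}")
```

Matches are candidates for analyst review before they go on a blocklist, since a short edit distance can also catch unrelated names.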

Visit CheckPhish to scan suspicious URLs and monitor for typosquatting, or URL hijacking, and lookalike variants of a domain. To learn more, please visit www.bolster.ai.