Cybersecurity and Infrastructure Security Agency (CISA) warns that threat actors are taking advantage of recent IT outage via phishing scams and other malicious activity
SANTA CLARA, Calif., July 22, 2024 — Bolster, a leader in multi-channel phishing protection, today announced that its free CheckPhish site, one of the most popular phishing and scam detection sites on the internet, has detected a spike in malicious activities, with more than 40 phishing and phony lookalike domains created in the first 24 hours following the CrowdStrike software incident.
CheckPhish is a free, real-time URL scanner that uses an array of machine learning algorithms to determine whether a site is malicious. Since its inception in 2018, it has scanned more than 6.5 billion URLs. With CheckPhish, you can scan suspicious URLs and monitor for typosquat and lookalike variants of a domain.
“We have been watching the reality behind the CISA’s warning play out in real-time. In the early hours of July 19, scammers began trying to lure victims into various scams. Within the first 24 hours, more than 40 typosquat domains were targeting CrowdStrike users and had been added to the CheckPhish site,” said Abhilash Garimella, vice president of Research at Bolster. “A typosquat, or lookalike domain, resembles a legitimate domain but with variations, such as common misspellings or additional characters. These domains are meant to deceive users into believing they are visiting a trusted site when, in fact, they are being redirected to a fraudulent one.”
Bolster has identified multiple types of phishing scams already, from malicious domains offering technical or legal support, to CrowdStrike crypto tokens, and sites still under construction. The CheckPhish community has created a growing list of ‘CrowdStrike’ typosquats that can be found here.
5 Tips to Protect Organizations and Employees
- Security teams should add the list of typosquat domains to their email security and web security gateway blocklists to keep business email compromise (BEC) attacks and phishing emails from reaching employees.
- Double-check URLs and domains before entering information, especially if they were sent via an email or an SMS.
- Use a Google or Bing search to find official contact or support channels. CrowdStrike and Microsoft have official support channels and phone numbers on their websites: crowdstrike.com and microsoft.com.
- Be cautious before accepting unsolicited help via email or phone. It is nearly impossible to distinguish between real help and a tech support scam.
- If you encounter a phishing page or a scam call, report it to your company’s IT department and CrowdStrike’s website. Add the scam to the active list here, and raise community awareness of it.
Visit CheckPhish to scan suspicious URLs and monitor for typosquatting, or URL hijacking, and lookalike variants of a domain. To learn more, please visit www.bolster.ai.
About Bolster
Bolster’s mission is to make the internet a safer place by detecting, taking down, and monitoring phishing, fraud, and scam activity across the web, social media, app stores, and the dark web. Within milliseconds, Bolster renders a verdict using LLMs and the largest structured phishing dataset in the industry – delivering multi-channel phishing protection with near-perfect precision and at scale. To learn more, go to www.bolster.ai.