Scammers took only a few hours to jump onto the CrowdStrike outage bandwagon. They are trying to exploit what is now dubbed the ‘largest IT outage in history’ to lure victims into various tech support and donation scams. Since the early hours of July 19, several typosquat (lookalike/phony) domains targeting CrowdStrike have popped up on our Bolster Research radar.
A typosquat or lookalike domain closely resembles a legitimate domain but contains slight variations, such as misspellings or additional characters. These domains are created to deceive users into thinking they are visiting a trusted site when, in fact, they are being redirected to a fraudulent one.
crowdstrikefix[.]zip, crowdstrikebluescreen[.]com, and crowdstrikebug[.]com are examples of 40 such domains registered today. Please follow the CheckPhish community link for a comprehensive and updated list of these domains.
Community Link with ‘CrowdStrike’ typosquats: CrowdStrike Look-alike domains list
While most domains are still ‘Under Construction’—waiting for content to be spun up—some are already hosting tech support and donation webpages. Although some domains can be legitimate, users should exercise caution before engaging in any activity.
Domains Offering Tech Support
Domains offering tech support to CrowdStrike users were spun up as a result of the outage. Although backed by legitimate companies, some of these domains are leveraging ‘crowdstrike’ typosquats to attract users.
We suggest that users exercise caution before contacting these phone numbers and email addresses. Some of these pages could be scams, and victims can lose sensitive information and PII to the attackers. Legitimate communication will come from CrowdStrike’s official support forum and Contact Us page.
Domain: crowdstrikeoutage[.]info registered on July 19
This domain was registered today via Porkbun and hosted in the US via Hostinger.
Domain: crowdstrikebluescreen[.]com registered on July 19
This domain was registered today via GoDaddy and hosted in the US via AWS.
Domains Under Construction
These domains do not have any active content yet but can go live at any moment. Again, all of these domains were registered today, and users should be cautious while interacting with them.
Domain: crowdstrike0day[.]com registered on July 19
Domain: crowdstrike-helpdesk[.]com registered on July 19
Domains Offering Legal Help
Domains offering legal help are great, but be careful before entering your email address, phone number, and other PII into a typosquat domain that was spun up today.
Domain: crowdstrikeclaim[.]com registered on July 19
Domains Offering CrowdStrike Crypto Tokens
Crypto users are targeted by a variety of scams. We recently saw around 20 fake tokens spun up asking to fund the Biden and Trump campaigns. Users should be careful before purchasing or transacting with tokens that claim to be ‘CrowdStrike’.
Below is a screenshot of a Twitter account not associated with CrowdStrike promoting the token using their logo.
There are other websites that are asking for donations: fix-crowdstrike-bsod[.]com and crowdstrike-bsod[.]com.
How to Protect Yourself
- Security teams should add the list of typosquat domains to their email blocklists to block BEC and phishing emails sent to their employees.
- Double-check URLs and domains before entering information, especially if they were sent to you via an email or an SMS.
- Search Google or Bing for official contact or support channels. CrowdStrike and Microsoft have official support channels and phone numbers on their websites: crowdstrike[.]com and microsoft[.]com.
- Be careful before accepting unsolicited help via email or phone. It is nearly impossible to distinguish between real help and a tech support scam.
- If you encounter a phishing page or a scam call, report it to your company’s IT department and CrowdStrike’s website. Add it to the list here so people are aware of it.
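One way to apply the first two recommendations in a mail-triage script, as an added example that is not Bolster's or CrowdStrike's code: it refangs the domains quoted in this article into a blocklist and checks a message's sender domain and URL hosts against it. The sample message is constructed, and treating any other host containing "crowdstrike" as a lookalike is an assumed heuristic for analyst review, not a verdict.

```python
import re
from urllib.parse import urlsplit

# Defanged domains quoted in the article above.
PAGE_DOMAINS = """crowdstrikefix[.]zip crowdstrikebluescreen[.]com crowdstrikebug[.]com
crowdstrikeoutage[.]info crowdstrike0day[.]com crowdstrike-helpdesk[.]com
crowdstrikeclaim[.]com fix-crowdstrike-bsod[.]com crowdstrike-bsod[.]com"""
OFFICIAL = {"crowdstrike.com", "microsoft.com"}  # official sites named in the article
BRAND = "crowdstrike"  # assumption: substring match marks a possible lookalike

def refang(text):
    """Turn defanged indicators (example[.]com, hxxp://) back into matchable form."""
    return text.replace("[.]", ".").replace("hxxp", "http").lower()

BLOCKLIST = set(refang(PAGE_DOMAINS).split())

def is_under(host, domains):
    """True if host equals, or is a subdomain of, any domain in the set."""
    return any(host == d or host.endswith("." + d) for d in domains)

def classify(host):
    host = host.strip().rstrip(".").lower()
    # Blocklist first, so crowdstrike.com.<blocklisted domain> is not seen as official.
    if is_under(host, BLOCKLIST):
        return "blocklisted"
    if is_under(host, OFFICIAL):
        return "official"
    if BRAND in host:
        return "lookalike"
    return "unrelated"

def hosts_in_message(sender, body):
    """Collect the sender's domain plus every URL host found in the body."""
    hosts = {sender.rsplit("@", 1)[-1].lower()}
    for url in re.findall(r"https?://[^\s<>\"',)]+", refang(body)):
        hosts.add((urlsplit(url).hostname or "").rstrip("."))
    return {h for h in hosts if h}

def triage(sender, body):
    """Return {host: verdict} for every host that is not 'unrelated'."""
    verdicts = {h: classify(h) for h in hosts_in_message(sender, body)}
    return {h: v for h, v in verdicts.items() if v != "unrelated"}

if __name__ == "__main__":
    # Constructed sample message, not taken from a real campaign.
    print(triage("support@crowdstrike-helpdesk.com",
                 "Fix: https://www.crowdstrikefix.zip/tool or hxxps://crowdstrike-recovery[.]example/"))
```

Suffix matching here stands in for a public-suffix-aware parser, so a production filter should resolve the registrable domain before comparing.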