Be warned: After global tech outage, phishing schemes and scammers may try to exploit you

Efforts to deal with aglobal tech outagethatcaused chaos for travellers, hospitals and banks are underway, but it may not be the end ofyour computer woes: Phishing schemes trying to reel in businesses and individuals are now coming to light.

Security specialists are warningto be aware of malicious actorspurporting to be tech specialists offeringhelp to recover from the outage, which wascaused by a faulty software update from the cybersecurity firm CrowdStrike.

Some of the scammersmay even be posing as employees of Texas-based CrowdStrike, which has offices around the world.

CrowdStrike said it's not believeda hack or cyberattackwas behind the outage and it has delivered a fix to address it. The company has apologized and vows to be as transparent as possible inassessing what happened, whilewarning somemay be trying to take advantage of the situation.

For instance, in Latin America, there have been attempts by scammers tryingto trick people andthe U.K.'s National Cyber Security Centre said it hasnoticed an increase in phishing attempts related to the outage.

On Friday,CrowdStrike CEO George Kurtztold NBC's Today Show thatthe company isworking with its customers globally to ensure they get back online safely.

"It could be some time for some systems that just automatically won't recover," he said. "But it is our mission ... to make sure every customer is fully recovered, and we're not going to relent until we get every customer back to where they were,and we continue to protect them and keepthe bad guys out of their systems."

WATCH | Air travellers scramble:

How the IT outage is affecting devices using CrowdStrike

3 months ago

Duration 3:59

Canadians woke up Friday to a global tech outage disrupting operations in multiple industries. Cybersecurity firm Crowdstrikes Falcon Sensor software caused Microsoft Windows to crash and display a blue error screen. Cybersecurity and tech analyst Ritesh Kotak explains how the outage impacted subscribed to Crowdstrike and what mitigation actions Microsoft might be taking.

Outage primepickingsfor scammers, Canadian analyst says

Microsoft said Saturdayabout8.5 million devices running its Windows operating systemwere affected in the IT crash that left somestuck on what's known as the "blue screen of death" signalling computers have been knocked offline in a full system failure without the ability to restart.

That's less than one per centof all Windows-based machines, Microsoft cybersecurity executive David Weston said in a blog post Saturday.

He also said such a significant disturbance is rare but "demonstrates the interconnected nature of our broad ecosystem."

Still, said CarmiLevy,a technology analyst in Canada, scammers are always scanning news headlinesto jump on opportunities to go phishing.

Typically, they'll reach out by emailor social media instant messaging, he said. Some willeven call and say they're from a support department, a wayto "look for opportunities to hit us when they least expect it."

WATCH | Be wary of messages offering help, tech analyst says:

IT outage chaos presents perfect opportunity for scammers, tech expert says

3 months ago

Duration 1:19

Cybersecurity agencies are warning people about a wave of new scams following Friday's global tech outage. Technology analyst Carmi Levy says people should be wary of messages offering help even when they appear to be from legitimate companies. 'Our first inclination should be: Fraud!' he says.

"We tend to think of scammers, cybercriminals, fraudsters as these James Bond-like masterminds these super-villains who use incredible technology and incredible knowledge when in reality, they're lazy," Levytold CBConSaturday from London, Ont.

"They go afterus when we're at our most vulnerable ... they'll target us in the wake of a natural disaster or a human-caused disaster like this one when there's lots of chaos and lots of uncertainty."

Residual fallout from outage

The repercussions of the outage continuedSaturday. Some airline passengers were being told it could take three days to get to their destinations, while some pharmacy prescription and bank services were still impacted.

By late Saturday morning, airlines around the world had cancelled more than 1,500 flights, far fewer than the 5,100-plus cancellations on Friday, according to figures from tracking service FlightAware.

Two-thirds of Saturday's cancelled flights occurred in the United States, where carriers scrambled to get planes and crews back into position after Friday's massive disruptions. According to travel data provider Cirium, U.S. carriers cancelled about 3.5 per centof their scheduled flights for Saturday. Only Australia was hit harder.

Cancelled flights were running at about one per centin the United Kingdom, France and Brazil, and about two per cent in Canada, Italy and India among major air-travel markets, Cirium says.

WATCH | Canada must take cyber issuesmore seriously, CEO says:

What frustrated Canadians should do in wake of the CrowdStrike outage

3 months ago

Duration 5:30

David Shipley, CEO of Beauceron Security, a New Brunswick-based cybersecurity software firm, says Canadians frustrated by the CrowdStrike outage should 'get mad' and make sure federal party leaders know about their frustration to mitigate future incidences.

Robert Mann, a former airline executive and consultant in the New York area, said it was unclear exactly why U.S. airlines were suffering disproportionate cancellations.Possible causes include a greater degree of outsourcing of technologyand more exposure to Microsoft operating systems that received the faulty upgrade from CrowdStrike, he said.

Health-care systemsglobally reported widespread problems including closures, cancelled surgeries and appointments and restricted access to patient records due to Friday's outage.

On Friday, British Columbia health authorities saidthe disruption affected its networks and computers across all systems, whilehospitals in Toronto and Hamiltonalso dealt with some issues related to the outage. Some health-care services in Newfoundland and Labradorwere also affected.

In the U.S., Cedars-Sinai Medical Center in Los Angeles said Saturday that "steady progress has been made" to bring its servers back online and thanked its patients for being flexible during the crisis.

In Austria, a leading organization of doctors said the outage exposed the vulnerability of relying on digital systems.

Harald Mayer, vice-president of the Austrian Chamber of Doctors, said the outage showed that hospitals need to have analog backups to protect patient care. The organization also called on governments to impose high standards in patient data protection and security, and on health providers to train staff and put systems in place to manage crises.

The Schleswig-Holstein University Hospital in northern Germany hadcancelled all elective procedures Friday, but said systems were gradually being restored and elective surgery could resume by Monday.

How to tech-protect yourself

While this week's outage may have been rare, Levy warns not to be complacent and offers these tipsfor screening out the fakes:

• Big tech companies don't spontaneously reach out to people to say they have a problem and offer to fix it."Microsoft's customer support departmentdoesn't operate in that way. No one'sdoes. ... our first inclination should be fraud."
• If you receive an email or other message, get out of the message and go to the company website to see if there are any messages or updates.
• Ifyou click on aphishing link or give remote access to your machine, act swiftly to secure your email and otheraccounts, changingpasswords and contacting the vendors of the platformbeing used in the scam.
• To make yourself less vulnerable to scammers, "toughen up" your individual profile and don't "put all your eggs inone basket."For instance, for banking, ensure you have amanual method of engaging with your bankaside from an app on your phone. "Make sure you're following smart password protocol across all your accounts you need different passwords for each account and change them regularly. Use difficult-to-guess passwords," Levy urged, because cybercriminalsare known to harvest information from your online profiles.