CrowdStrike resolved the issue relatively quickly, but not before threat actors began launching phishing campaigns designed to take advantage of individuals and companies seeking a fix for the outage. Within the first day of the CrowdStrike incident, Cyberint detected 17 related typo-squatting domains. At least two of these domains copied and shared Crowdstrike’s workaround in what was apparently an attempt to solicit donations via PayPal. By following the breadcrumbs, Cyberint traced the donation page to a software engineer named Aliaksandr Skuratovich, who also posted the website on his LinkedIn page.

Attempts to profit by collecting donations for a solution that originated elsewhere were among the milder attempts to profit from the CrowdStrike incident. Other typosquatted domains claimed to offer a solution (available for free via CrowdStrike) in exchange for payments of up to €1,000. The domains were taken offline, but not before organizations fell victim to them. Cyberint’s analysis shows that the crypto wallet associated with the scheme raised around €10,000.

Phishing attacks in response to planned events

When it comes to planned events, attacks tend to be more diverse and detailed. Threat actors have more time to prepare than in the wake of unexpected events like the CrowdStrike outage.

Phishing at the Olympic Games

Phishing attacks related to the 2024 Paris Olympics also showed that cybercriminals can run more effective campaigns by linking them to current events.

An example of an attack in this category is the phishing email discovered by Cyberint, which claimed that recipients had won tickets to the Games and that in order to collect the tickets, they would have to make a small payment to cover the delivery costs.

However, when recipients entered their financial information to pay the fee, the attackers could pose as victims and make purchases through their accounts.

In another example of Olympic phishing, cybercriminals registered a professional-looking website in March 2024 claiming to sell tickets. In reality, it was a scam.

Although the site was not that old and therefore did not have much authority based on its history, it still ranked high in Google search results, making it more likely that people who wanted to buy Olympic tickets online would fall into the trap.

Phishing and football

Similar attacks took place during the UEFA Euro 2024 football championship. Specifically, the criminals launched fraudulent mobile apps that posed as UEFA, the sports governing body organising the event. Since the apps used the organisation’s official name and logo, it was likely easy for some people to assume they were legitimate.

It’s worth noting that these apps weren’t hosted on the app stores run by Apple or Google, which typically detect and remove malicious apps (though there’s no guarantee they’ll do so quickly enough to prevent abuse). They were available through unregulated third-party app stores, making them somewhat harder for consumers to find. However, most mobile devices wouldn’t have controls in place to block the apps if a user went to a third-party app store and attempted to download malicious software.

Phishing and recurring events

Even when it comes to recurring events, phishers know how to abuse situations to launch powerful attacks.

For example, during the holiday season, there is a lot of gift card fraud, non-payment scams, and fake order slips, as well as phishing scams that try to lure victims into applying for fake seasonal jobs in an attempt to collect their personal information.

The holiday season creates a perfect storm for phishing due to the rise of online shopping, attractive deals and a flood of promotional emails. Scammers exploit these factors, leading to significant financial and reputational damage for businesses.

When it comes to phishing, timing is everything

Unfortunately, AI and PhaaS have made phishing easier and we can expect malicious actors to continue using such strategies.

See The Phishing & Impersonation Protection Handbook for strategies that businesses and individuals can implement.

However, companies can anticipate peaks in attacks in response to specific developments or (in the case of recurring phishing campaigns) certain times of the year and take measures to limit the risk.

For example, they can teach employees and consumers to be extra careful when responding to content related to a current event.

While AI and PhaaS have made phishing easier, businesses and individuals can still defend themselves against these threats. By understanding the tactics threat actors use and implementing effective security measures, the risk of falling victim to phishing attacks can be reduced.