Over six million individuals are reported to have been impacted by Monday’s AWS outage, leaving affected users ripe for scam attacks. Here’s what to look out for.
From communication apps like Reddit, Snapchat and Meta’s WhatsApp to major financial platforms, such as PayPal’s Venmo, Robinhood, and Coinbase, individual users are being warned to be wary of target phishing attacks promising to restore acount access.
As Amazon Web Services continues its restoration efforts, the cloud provider is warning the estimated 1000 organizations caught up in Monday’s AWS outage to expect delays, latencies in network connections and higher than average error rates.
The outage is being blamed on network connectivity issues at AWS's US-EAST-1 data center in Northern Virginia, specifically citing Domain Name System (DNS) resolution failures.
DNS, otherwise known as the internet's phone book, takes a “human-readable” domain name, such as cybernews.com and translates it into an “machine-readable” IP address so that computers can communicate. If this translation fails, a computer can’t locate the server hosting the website, and the user can’t connect to that address.
Besides Amazon’s e-commerce platform and applications including Prime and Alexa, the worldwide ripple effect devastated workspace communications such as Microsoft Teams, Outlook, Slack, and Zoom, gaming platforms like Roblox, Xbox, and Fortnite.
Airlines Delta and United reported issues, as well as food and transportation apps, including Lyft, Instacart, McDonalds and Starbucks, plus random apps such as Ring, My Fitness Pal, Hinge, and several UK government websites, as well as the Bank of Scotland, Halifax, and Lloyds.
The perfect phishing storm
This mean for the millions of users unable to access their accounts and services since the mele began about 2:00 a.m. ET, cybercriminals have most certainly been busy at work crafting emails and other communications to lure users into giving up their sensitive personal information.
Phishing attacks have one thing in common, they prey on human emotion, and in the case of services going down or being unable to access an account for extended periods of time, take advantage of a victims sense of urgency, fear, and confusion.
With the help of AI tools, these hackers can easily create an email that appears to be sent directly from the impacted organization, complete with identical logos and structure, and often a spoofed email address or phone number that mimics the legitimate ones.
Users should be wary of emails or texts with “clickable links” offering to provide outage updates, restore access to its services or app, or even offering to compensate users financially for time the service or app was down.
Additionally, users should also watch out for scammers claiming to be from an app's tech support, another tried-and-true scheme used by cybercriminals worldwide.
What to watch out for?
There are many ways to beef up your own personal security and sometimes it can take a major incident or outage to remind online users to review their cybersecurity strategy to help stay protected from bad actors looking to get a hold of your financial and personal information.
In the aftermath of a significant outage or cyber event, to avoid targeted phishing attacks, users should always be skeptical of any emails, texts, or phone calls claiming to fix the outage or restore services.
Never click on any unsolicited links or pop-ups as these could install malware on your device for more invasive attacks, steal your personally identfiable information (PII) using a keystroke logger, or send you to fake webpage asking the user to input their login credentials.
Always be sure to type in the full company website address in your website browser, and check the site or email address for any inconsistencies, such as mispellings or unusual characters.
Know that Amazon and AWS tech support staff, as well as those from other commercial app and platforms will never contact a user directly and offer to "help" restore account access, nor ask for your login and password information.
During an ongoing cyber incident, users should also avoid making significant transactions, password changes, or critical updates, as glitches in the affected systems could lose information or files, or not update completely. Furthermore, once the system is safely stabalized, you should also double check that all your devices and programs are running the latest versions.
Once the incident has been resolved, users should also closely monitor online activity for inconsistencies in their banking, shopping and payment apps, looking for failed or duplicate transactions, unauthorized purchases, or other strange activity.
Finally, this can be a great time to make sure that all your passwords are adhering to best practices (ideally by using a password manager), such as creating passwords that are at least 12 characters in length, unique for each site, and enabling multi-factor authentication (MFA) for all accounts.
Your email address will not be published. Required fields are markedmarked