Minister for Home Affairs Clare O’Neil told reporters on Saturday there have been reports of phishing scams amid Friday’s CrowdStrike IT outage, urging Australians to “be careful”.

“There is something critical that I would like to ask Australians to do today, and that is be really careful and be really on the lookout for attempts to use this to scam Australians and to scam small businesses,” Ms O’Neil said.

“What we’re hearing is that some small businesses in particular, some individuals are receiving emails from people who are pretending to be CrowdStrike or are pretending to be Microsoft, and indicating that you need to put in bank details to get access to a reboot.

“That you need to pay money, that you need to put your personal details in so that your systems can be brought back online. But I ask Australians to be really cautious over the next few days about attempts to use this for phishing.”

Ms O’Neil urged Australians to “just stop” and “don’t put in any details” if they come across emails, texts or calls that “look a little bit funny”.

“Stop. Don’t give any personal information and then certainly don’t put in any bank details or money. Then just step back and think, have a look at the communication that you’ve just received, and just ask does it make sense for you?” she said.

The outage could well be the biggest IT outage in history, according to Ms O’Neil.

“As for the size and scope of this event, I’ve seen it reported that this is the biggest IT outage in world history. It is absolutely possible that that’s the case, it’s certainly the largest in the time that I’ve been alive,” she said.
“This has been a very serious incident for the Australian economy, and what I have seen is governments and businesses and other organisations pull together at speed to make sure that we’re doing everything we can to support our citizens.”

It comes as flights and supermarkets remain impacted as a result of the CrowdStrike outage, with servers and devices getting stuck in “boot loops” following a faulty software update.

The outage occurred as a result of an error in a software update, and was not a cybersecurity event.

“What has occurred here is that as we understand it about 2.09pm Australian Eastern Standard Time yesterday CrowdStrike issued an update to a subset of their customers that update had an error in it which caused effectively system outages for computers that it was pushed through, so computers that were online at the time,” Ms O’Neil explained.

“The fix for this as I’m advised by CrowdStrike was provided not long after that event, so not even an hour and a half after that event.

“The issue here is just the breadth of people that were using this particular software and the time it is taking to build and bring major systems back online.”

Some businesses are still experiencing “teething issues” following the outage, with Ms O’Neil calling it a “very serious incident for the Australian economy”.

“Most companies that use CrowdStrike are fully operational, but we are seeing some teething issues,” she said.

“Woolworths for example — shelves are fully stocked, we don’t have any food shortages, there’s nothing to be concerned about of that nature. Woolworths, I’m advised, has all of its stores open today, but some of the tellers and some of the check-outs may not be open in all the supermarkets around the country.

“At the same time with airlines we’re seeing major airlines are back online, but there might be internal technical difficulties, for example, baggage handler systems communicating with the front of the terminal.”

Ms O’Neil asked Australians to “just be thoughtful”, urging people to allow extra time for travel.

“Please be patient. Don’t take this out on the staff at the supermarkets if you have to wait a little bit longer, it is absolutely not their fault, and what I can see around me is a lot of people who are working as hard as they can to get things working again for Australians,” she said.

How to spot a scam:

1. Think before you click on a link.

2. Never provide your details via a link in a message.

More Coverage

What services are still out across Australia

Sneak peek as Aussies prepare for Olympics

3. Contact the person or business to check if they sent the message.

4. Think you’ve entered your personal details into a scam (phishing) site.

More to come.