The Silicon Valley Bank collapse leads to cybercrime surge
The collapse of the Silicon Valley Bank (SVB) has sent shockwaves through the financial world, and cybercriminals are now taking advantage of the situation. Fake domains resembling SVB are being registered, phishing pages are being created, and business email addresses are being attacked.
The aim of these cyberattacks is to steal money or valuable data directly, or to spread malware that eventually yields financial rewards for criminals through dark web sales or by blackmailing victims, much as ransomware does.
SVB, once the 16th largest bank in the US and depended upon by almost half of all venture-backed tech startups, collapsed on March 10 after customers withdrew their funds at an unsustainable rate. The withdrawals were triggered by poor economic conditions that forced tech firms to shore up their finances.
It is the second-largest bank failure in US history and has affected many industries, including tech, healthcare, private equity, and even the wine industry.
According to a report by Johannes Ullrich, Dean of Research for SANS Technology Institute, numerous suspicious domains have been registered in the wake of the incident, such as login-svb.com and svbbailout.com.
Cyber intelligence firm Cyble also reported the domains svbdebt.com and svbclaims.net, among others. These were registered on the very same day SVB went down and are being used to run cryptocurrency scams that falsely claim SVB is reimbursing its customers with USDC pay-outs.
Other crypto scams pretend to be affiliated with Circle, the payments firm that manages USDC payments and had $3.3 billion in SVB, exploiting the current uncertainty over the firm's liquidity.
Domains such as redeemed-circle.com and circle-reserves.com have been created solely to steal wallets and sensitive data.
Ullrich also warned that threat actors will likely attempt to contact those affected by the collapse, under the guise of offering support, legal services, loans, or similar.
One attack type that has already taken place is business email compromise (BEC). Scammers pretend to be former SVB customers and tell those companies' own customers to send any incoming payments to a new bank account, which is actually controlled by the threat actor.
Phishing scams are also being run: the domain cash4svb.com asks SVB customers for their contact information under the pretense of being an investment group offering them cash.
The advice to SVB customers is to look out for suspicious emails and domains related to SVB, especially those mentioning changes in bank details. Confirm payment changes by phone if possible rather than email, as email accounts can be hijacked by threat actors.
The collapse of the Silicon Valley Bank has led to a surge in cybercrime, with criminals taking advantage of the situation to steal money and valuable data.
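One way to act on the advice about suspicious domains, as an added example that is not part of the original article: a triage filter that flags domains seen in mail or DNS logs whose registrable name embeds an SVB or Circle brand token. The allowlist, function names and sample input are assumptions of this example.

```python
import re

# Brand tokens mapped to their legitimate registrable domains.
# This allowlist is an assumption of the example; maintain your own.
BRANDS = {"svb": {"svb.com"}, "circle": {"circle.com"}}
LEGIT = set().union(*BRANDS.values())


def registrable(domain):
    """Naive registrable domain: the last two labels.

    Adequate for the .com/.net samples here; production code should
    consult the Public Suffix List instead.
    """
    labels = domain.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])


def brand_hit(domain):
    """Return the brand token a domain embeds, or None if it looks unrelated."""
    reg = registrable(domain)
    if reg in LEGIT:
        return None  # the real site or one of its subdomains
    # Split the first label on hyphens and digits: "cash4svb" -> cash, svb
    tokens = [t for t in re.split(r"[^a-z]+", reg.split(".")[0]) if t]
    for brand in BRANDS:
        if any(t.startswith(brand) or t.endswith(brand) for t in tokens):
            return brand
    return None


def triage(domains):
    """Map each flagged domain to the brand it imitates (a review queue, not a verdict)."""
    hits = {}
    for d in domains:
        brand = brand_hit(d)
        if brand:
            hits[d] = brand
    return hits


# Constructed sample: domains named in the article mixed with benign ones.
SAMPLE = ["www.svb.com", "login-svb.com", "svbbailout.com", "svbdebt.com",
          "svbclaims.net", "redeemed-circle.com", "circle-reserves.com",
          "cash4svb.com", "circle.com", "example.org"]

if __name__ == "__main__":
    for domain, brand in triage(SAMPLE).items():
        print(f"{brand:7} {domain}")
```

Prefix and suffix matching on a short token such as "circle" will also catch unrelated names, so treat the output as a list for human review.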