How cybercriminals can exploit Silicon Valley Bank’s downfall for their own ends – and at your expense

Big news events and major crises usually trigger an avalanche of follow-on phishing attempts. The COVID-19 pandemic and Russia’s invasion of Ukraine are perhaps the most obvious examples, but the most recent one is the collapse of Silicon Valley Bank (SVB).

The mid-sized US lender and a key financer of tech start-ups held tens of billions of dollars’ worth of assets when it went bust last week after succumbing to a bank run. Although the US government stepped in days later to guarantee customers would be able to access their money, the damage was done – and even if you or your business wasn’t affected by the bank’s meltdown, you could still be at risk of cybercrime that exploits such events for nefarious gains.

Ambulance-chasing phishing and business email compromise (BEC) attempts are already hitting inboxes across the globe. Once you’ve weathered the storm, there are plenty of takeaways that can be used to build a more resilient security awareness program going forward.

The SVB scams so far

There’s nothing new in scammers piggy-backing on news events to improve their success rates. But the SVB case has several ingredients that make it arguably a more attractive lure than the norm. These include:

- The fact that there’s lots of money at stake: SVB had an estimated US$200 billion in assets when it went bust.
- Extreme anxiety from corporate customers worried about how to pay the bills if they can’t access their assets, and of individuals concerned about whether they’d get paid.
- Confusion over exactly how customers can get in touch with the failed lender.
- The fact that the collapse came after the fall of Signature Bank, sparking even more anxiety about the whereabouts of funds and the health of the financial system.
- SVB’s global reach – including a UK arm and various affiliated businesses and offices across Europe. This expands the pool of potential scam victims.
- The BEC angle: as many SVB corporate customers will be informing their partners of bank account changes, it offers the perfect opportunity for fraudsters to step in first with their own details.

When something like this happens, it’s not unusual to see multiple domains registered by firms looking to offer legitimate loans or legal services to the ailing bank’s customers. It can be difficult to discern the authentic from those registered for nefarious ends. There’s a long list of newly-registered lookalike domains that may try to deceive people in the future.

New domain registrations relating to Silicon Valley Bank are emerging. Some could be #phishing campaigns. Listed below is what we’re seeing now. Keep in mind not all are scammy, and not all scammy domains targeting SVB will have SVB-related terms: https://t.co/mHjfZQIQAf pic.twitter.com/Au7AbA0GhX
— SecuritySnacks (@SecuritySnacks) March 13, 2023

SVB phishing attempts

As always, phishing attempts focus on classic social engineering techniques such as:

- Using a breaking news story to lure the recipient in
- Spoofing SVB or other brands to gain recipient trust
- Creating a sense of urgency to force recipients to act without thinking – not hard given the circumstances surrounding the collapse
- Including malicious links/attachments to harvest information or steal funds

Expect different threat actors to exploit the current situation with SVB. Started to see some infrastructure being setup that could be used for phishing / scams.
login-svb[.]com
cash4svb[.]com
svbclaim[.]com
svbdebt[.]com
pic.twitter.com/rn9ltBsxDU
— Jaime Blasco (@jaimeblascob) March 12, 2023
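
Screening a feed of newly registered domains for the brand lookalikes discussed above can be sketched as follows. This is an added example, not code from the original article or from the researchers quoted; the lure-word list, the allowlisted official domain and the two `.example` samples are assumptions, and the four defanged domains are the ones quoted in the tweet above.

```python
import re

BRANDS = ("svb", "siliconvalleybank")   # brand strings to watch for
LURES = ("login", "claim", "cash", "debt", "refund")  # assumed lure words
ALLOWLIST = {"svb.com"}                 # assumed official domain
# Defanged domains quoted on this page, plus two constructed samples.
SAMPLE = ["login-svb[.]com", "cash4svb[.]com", "svbclaim[.]com", "svbdebt[.]com",
          "siliconvalleybnak[.]example", "harbour-bakery[.]example"]

def refang(domain):
    """Undo common defanging and strip any scheme or path."""
    d = domain.strip().lower().replace("[.]", ".")
    return re.sub(r"^h(xx|tt)ps?://", "", d).split("/")[0]

def edit_distance(a, b):
    """Levenshtein distance using a two-row dynamic programme."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def triage(domain):
    """Return the reasons a new registration deserves analyst review."""
    d = refang(domain)
    if d in ALLOWLIST:
        return []
    # Compare letters only, so 'cash4svb' and 'login-svb' both expose 'svb'.
    letters = re.sub(r"[^a-z]", "", d.rsplit(".", 1)[0])
    reasons = []
    for brand in BRANDS:
        windows = [letters[i:i + len(brand)]
                   for i in range(max(1, len(letters) - len(brand) + 1))]
        if brand in letters:
            reasons.append("contains " + brand)
        elif len(brand) > 6 and min(edit_distance(brand, w) for w in windows) <= 2:
            reasons.append("near-miss of " + brand)
    if reasons:  # lure words only matter alongside a brand hit
        reasons += ["lure word " + w for w in LURES if w in letters]
    return reasons

def screen(domains):
    """Map each flagged domain to its reasons; a queue for review, not a verdict."""
    return {refang(d): r for d in domains if (r := triage(d))}
```

As the first tweet points out, not every flagged registration is malicious and scam domains without brand terms will not match, so the output is a review queue rather than a blocklist.
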

Some phishing attempts have focused on stealing the details of SVB customers – possibly to either sell on the dark web or to create a phishing list of targets to hit with future scams. Others have embedded more sophisticated methods of stealing cash from victims. One effort uses a fake reward program from SVB claiming all holders of stablecoin USDC will get their money back if they click through. However, the QR code the victim is taken to will compromise their cryptocurrency wallet account.

A separate lure with the same QR-related crypto-stealing end goal used an announcement by USDC issuer Circle as its starting point. The firm said USDC would be redeemable 1:1 with the dollar, prompting the creation of new phishing sites with a Circle USDC claims page.

SVB BEC threats

As mentioned, this news event is also slightly unusual in providing the perfect conditions for BEC attacks to flourish. Finance teams are going to be legitimately approached by suppliers that previously banked with SVB and that have now switched financial institutions. As a result, they’ll need to update their account details. Attackers could use this confusion to do the same, impersonating suppliers with modified account payee details.

Some of these attacks may be sent from spoofed domains, but others may be more convincing, with emails that have been sent from legitimate but hijacked supplier email accounts. Organizations without sufficient fraud checks in place could end up mistakenly sending money to scammers.

How to avoid SVB and similar scams

Phishing and BEC are increasingly common. The FBI Internet Crime Report 2022 details over 300,000 phishing victims last year, cementing its status as the most popular cybercrime type of all. And BEC made scammers over US$2.7bn in 2022, making it the second highest-grossing category. Consider the following to stay safe from the scammers:

- Be cautious about unsolicited messages received by email, SMS, social media etc. Try to independently verify them with the sender before deciding whether to reply.
- Don’t download anything from an unsolicited message, click on any links or hand over any sensitive personal information.
- Look for grammatical mistakes, typos etc. that can indicate a spoofed message.
- Hover over the email sender’s display name – does it look authentic?
- Switch on two-factor authentication (2FA) for all online accounts.
- Use strong and unique passwords for all accounts, ideally stored in a password manager.
- Regularly patch or switch on automatic updates for all devices.
- Report anything suspicious to the corporate security team.
- Importantly, ensure you have up-to-date security software on all your devices from a reputable provider.

For BEC specifically:

- Check with a colleague before changing account details/approving payments for new accounts
- Double check any requests for account updates with the requesting organization: don’t reply to their email, verify independently from your records

From a corporate IT security perspective:

- Run continuous, regular phishing training exercises for all staff, including simulations of currently trending attacks
- Consider gamification techniques which may help reinforce good behaviors
- Build BEC into staff security awareness training
- Invest in advanced email security solutions that include anti-spam, anti-phishing and host server protection and prevent threats from even reaching their targets
- Update payment processes so that large wire transfers must be signed off by multiple employees
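
The BEC checks listed above (a colleague's sign-off, independent verification from your own records, multiple approvers for large wires) can be enforced in the payment workflow rather than left to memory. The sketch below is an added example, not code from the original article; the class and function names, the record fields and the US$10,000 threshold are assumptions.

```python
from __future__ import annotations
from dataclasses import dataclass

LARGE_WIRE_USD = 10_000  # assumed threshold; set it from your payment policy

@dataclass
class Supplier:
    name: str
    account: str        # bank account currently on file
    phone_on_file: str  # contact number from your own records

@dataclass
class ChangeRequest:
    supplier: Supplier
    new_account: str
    requested_by: str            # employee who received the request
    number_called: str = ""      # number actually dialled to confirm
    supplier_confirmed: bool = False
    approved_by: str = ""        # colleague who reviewed the change

def change_blockers(req: ChangeRequest) -> list[str]:
    """Reasons the new account must not be saved yet (empty list = proceed)."""
    blockers = []
    if req.number_called != req.supplier.phone_on_file:
        blockers.append("confirm by calling the number on file, not one from the email")
    elif not req.supplier_confirmed:
        blockers.append("supplier did not confirm the change")
    if not req.approved_by or req.approved_by == req.requested_by:
        blockers.append("a second employee must approve the change")
    return blockers

def apply_change(req: ChangeRequest) -> None:
    """Update the supplier record only when every check has passed."""
    blockers = change_blockers(req)
    if blockers:
        raise PermissionError("; ".join(blockers))
    req.supplier.account = req.new_account

def wire_blockers(supplier: Supplier, account: str, usd: float,
                  approvers: set[str]) -> list[str]:
    """Reasons a payment must be held; large wires need two distinct sign-offs."""
    blockers = []
    if account != supplier.account:
        blockers.append("payee account does not match the supplier record")
    needed = 2 if usd >= LARGE_WIRE_USD else 1
    if len(approvers) < needed:
        blockers.append(f"{needed} distinct approvers required")
    return blockers
```

Because the check compares the number dialled with the number already on file, a request arriving from a hijacked supplier mailbox fails it even when the email itself looks genuine.
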

We all need to be on the lookout for unexpected emails or calls – mainly those coming from a bank and requiring urgent action. Never click a link and enter your banking login credentials, and never give them over the phone at any time. To access your banking information, use your bank’s official website.