The SVB collapse is being exploited by scammers
The collapse of the Silicon Valley Bank (SVB), which has rocked the financial world, is now inevitably being exploited by cybercriminals.
Threat actors are rushing to profit from the downfall by registering fake domains that resemble SVB, creating phishing pages and targeting business email addresses.
The aim is to steal money directly, or otherwise to steal valuable data and spread malware that will eventually lead to financial rewards for criminals via dark web sales or by blackmailing victims in a similar vein to ransomware.
Multiple scams
SVB, once the 16th largest bank in the US and depended upon by almost half of all venture-backed tech startups, collapsed on March 10 after customers withdrew their funds at an unsustainable rate. The move was triggered by the poor economic conditions that forced tech firms to shore up their finances.
It is the second-largest bank failure in US history, and has affected those in many industries, including those in tech, healthcare, private equity and even the wine industry.
According to a report by Johannes Ullrich, Dean of Research for SANS Technology Institute, numerous suspicious domains have been registered in the wake of the incident, such as login-svb.com and svbbailout.com.
Cyber intelligence firm Cyble also found in its report the domains svbdebt.com and svbclaims.net, among others. These were registered on the very same day SVB went down, and are perpetrating cryptocurrency scams by falsely claiming that SVB is reimbursing its customers with USDC pay-outs.
Other crypto scams are pretending to be affiliated with Circle, the payments firm that manages USDC payments and had $3.3 billion in SVB, taking advantage of the uncertainty over the firm's liquidity now.
Domains such as redeemed-circle.com and circle-reserves.com have been created, and are merely out to steal wallets and sensitive data.
Ullrich also warned that threat actors will likely attempt to contact those affected by the collapse, under the guise of offering support, legal services, loans or similar.
One attack type that has already taken place is business email compromise (BEC). Scammers are pretending to be former SVB customers and telling their customers in turn that they need to send any payments that may be incoming to a new bank account, which is actually controlled by the threat actor.
Phishing scams are also being run, with the domain cash4svb.com asking for SVB customer contact info under the pretense of being an investment group and offering cash to them.
The advice to SVB customers is to look out for suspicious emails and domains related to SVB, especially those that mention changes in bank details. Confirm payment changes by phone if possible rather than email, as email accounts can be hijacked by threat actors.
The FDIC and US Treasury have also issued advice to those affected by the SVB collapse.
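The advice above on watching for SVB-related domains and bank-detail changes, as an added example that is not part of the original article: a Python script that triages a message by checking its sender and link domains for SVB or Circle lookalikes and its body for payment-change wording. The allowlist (svb.com, circle.com), the wording pattern, the function names and the sample messages are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlparse

BRANDS = ("svb", "circle")              # brand names from the article
ALLOWLIST = {"svb.com", "circle.com"}   # assumption: domains you trust

# Assumed wording for "send payments to a new account" requests.
PAYMENT_CHANGE = re.compile(
    r"\b(new|updated|changed)\b[^.]{0,40}\b(bank|account|wire|routing)\b",
    re.IGNORECASE)

def lookalike(host):
    """Return the brand a non-allowlisted host imitates, or None.

    Every label except the TLD is checked, so a brand name placed in a
    subdomain of an unrelated domain is caught as well. Plain substring
    matching can over-match, so treat a hit as a prompt for review.
    """
    labels = host.lower().rstrip(".").split(".")
    if ".".join(labels[-2:]) in ALLOWLIST:
        return None
    return next((b for b in BRANDS if any(b in l for l in labels[:-1])), None)

def triage(sender, body):
    """List the reasons a message deserves out-of-band confirmation."""
    hosts = {sender.rsplit("@", 1)[-1]}
    hosts |= {urlparse(u).hostname or ""
              for u in re.findall(r"https?://\S+", body)}
    reasons = [f"lookalike:{h}" for h in sorted(hosts) if lookalike(h)]
    if PAYMENT_CHANGE.search(body):
        reasons.append("payment-change")
    return reasons

# Constructed sample messages (sender, body); domains are from the article
# except vendor-example.com, which is a placeholder.
SAMPLES = [
    ("ar@vendor-example.com",
     "Following the SVB closure, please send all incoming payments "
     "to our new bank account. Details attached."),
    ("support@svbclaims.net",
     "Claim your USDC payout at https://redeemed-circle.com/claim"),
    ("alerts@svb.com", "Your statement is ready."),
]

if __name__ == "__main__":
    for sender, body in SAMPLES:
        print(sender, "->", triage(sender, body) or "no flags")
```

A "payment-change" flag on a message from an otherwise normal sender is the BEC case: confirm it by phone before acting.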