The collapse of Silicon Valley Bank (SVB), which shook the financial world, is now, inevitably, being exploited by cybercriminals.
Cybercrime actors are looking to capitalize on the collapse by registering fake SVB-like domains, creating phishing pages and attacking corporate email addresses.
The goal is to steal money directly, or to steal valuable data and spread malware that ultimately brings the criminals financial gain, either by selling the data on the dark web or by blackmailing victims in a manner similar to ransomware.
Lots of scams
SVB, once the 16th-largest bank in the US, on which nearly half of all venture-backed tech start-ups depended, collapsed on March 10 after customers withdrew their funds at an unsustainable rate. The withdrawals were sparked by poor economic conditions that forced tech companies to bolster their finances.
It is the second-largest bank failure in U.S. history, affecting companies across a wide range of industries, including tech, healthcare, private equity and even the wine industry.
In a report, Johannes Ullrich, dean of research at the SANS Technology Institute, noted a number of suspicious domains registered as a result of the incident, such as login-svb.com and svbbailout.com.
Cyber intelligence company Cyble, in its own report, also found the domains svbdebt.com and svbclaims.net, among others. They were registered on the same day SVB collapsed and are perpetrating cryptocurrency scams by falsely claiming that SVB is reimbursing USDC withdrawals to its clients.
Other crypto scams pretend to be linked to Circle, a payment company that manages USDC payments and holds $3.3 billion in SVB, taking advantage of the company’s current liquidity uncertainty.
Domains such as Reded-Circle.com and Circle-Reserves.com have been created and are used solely to steal wallets and sensitive data.
Ullrich also warned that cybercriminals would likely try to contact those affected by the collapse under the guise of offering support, legal services, loans, etc.
One type of attack that has already taken place is Business Email Compromise (BEC). Scammers pose as former SVB customers and in turn inform their customers that any payments they may receive must be sent to a new bank account that is actually controlled by a cybercriminal group.
Phishing scams are also being carried out, in which the domain cash4svb.com asks for the contact details of SVB customers under the pretext of being an investment group offering them cash.
We advise SVB customers to be on the lookout for suspicious emails and domains related to SVB, especially the aforementioned changes to banking details. If possible, confirm payment changes over the phone, not by email, as email accounts can be compromised by cybercriminals.
The FDIC and the United States Treasury have also provided advice to those affected by the collapse of SVB.
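For defenders who want to act on the advice about suspicious SVB-related domains, the following Python is an added example (not from the article or the cited reports) that triages hostnames taken from mail or proxy logs. The allowlist of official domains (svb.com, circle.com), the lure-word list and the two-label "registrable domain" shortcut are assumptions of this example; the sample hostnames are the ones named above plus two constructed ones.

```python
import re

# Assumed for this example: brand keywords mapped to their legitimate domains.
BRANDS = {"svb": {"svb.com"}, "circle": {"circle.com"}}
# Lure words drawn from the domain names reported in the article.
LURES = ("login", "bailout", "debt", "claims", "cash", "reserves")

def registrable(host):
    """Naive registrable domain: the last two labels (no public-suffix list)."""
    return ".".join(host.split(".")[-2:])

def classify(host):
    """Return (verdict, reasons) for a hostname from mail or proxy logs."""
    host = host.lower().strip(".")
    domain = registrable(host)
    label = domain.split(".")[0]
    # Labels to the left of the registrable domain, split into tokens.
    sub_tokens = re.split(r"[-_.]", host[: len(host) - len(domain)])
    reasons = []
    for brand, legit in BRANDS.items():
        if domain in legit:
            return "legitimate", [f"official {brand} domain"]
        if brand in label:
            reasons.append(f"'{brand}' embedded in registrable label '{label}'")
        elif brand in sub_tokens:
            reasons.append(f"'{brand}' used as subdomain of unrelated '{domain}'")
    if not reasons:
        return "clean", []
    lures = [w for w in LURES if w in label]
    if lures:
        reasons.append("lure word(s): " + ", ".join(lures))
        return "likely-phish", reasons
    return "review", reasons

if __name__ == "__main__":
    # Domains named in the article, plus two constructed hostnames (last two).
    samples = ["login-svb.com", "svbbailout.com", "svbdebt.com", "svbclaims.net",
               "cash4svb.com", "Reded-Circle.com", "Circle-Reserves.com",
               "www.svb.com", "svb.com.example.net"]
    for h in samples:
        verdict, why = classify(h)
        print(f"{h:24} {verdict:13} {'; '.join(why)}")
```

A "review" verdict means the brand name appears without a known lure word, so the hostname still deserves a manual look before any payment instruction from it is trusted.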