Cyber crooks jump on SVB collapse to loot client money and data

What remains a threat to the global financial system has become a potential goldmine for cybercriminals, who are using the collapse of the Silicon Valley Bank (SVB) to conduct phishing and business email compromise (BEC) attacks.

Cybersecurity researchers report that threat actors have been registering suspicious domains and trying out BEC attacks or phishing campaigns. The classic aim is, of course, to steal money and data with the help of malware.

The collapse of SVB on March 10 has impacted many businesses and people who were customers of this US-based commercial bank. The situation is quite chaotic – naturally, a bank run has followed.

The failed bank was the preferred partner for many startups in the US and elsewhere, and they’re now urgently looking for alternative funding to keep the business afloat.

This, according to Cyble, an American cybersecurity firm, has made these startups a prime target for threat actors “who are taking advantage of the current situation by conducting various malicious activities.”

Cyble’s Research & Intelligence Labs has already identified several suspicious websites that have emerged in the wake of the SVB collapse, including svbcollapse dot com, svbclaim dot com, or svbdebt dot com. Most of the websites emerged right after the bank’s fall.

On March 13, the Department of the Treasury, Federal Reserve, and Federal Deposit Insurance Corporation, a US government corporation supplying deposit insurance to depositors in American commercial banks and savings banks, issued a joint statement to safeguard all depositors’ funds and ensure access to their money.

However, according to Cyble, “despite being a relief for affected depositors, threat actors have started using this announcement to launch their malicious campaigns.”

A typical instance is a cryptocurrency scam where phishing sites have set up a bogus USDC (digital dollar) reward program claiming that “Silicon Valley Bank is actively distributing USDC as part of the SVB USDC payback program to eligible USDC holders.”

In fact, these criminals are seeking to steal cryptocurrency from the victim’s account by offering them free USDC, inviting the targeted users to scan a bogus QR code using any cryptocurrency wallet.

Other experts also claim that the scammers have already tried contacting former clients of SVB to offer them, again, a fake support package, bogus legal services, or loans. The crooks have also activated BEC attacks and are urging customers to forward payments to a new bank account.

Adi Ikan, chief executive officer and founder of Veriti, a security platform, told Cybernews that active phishing campaigns targeting former SVB customers in the US, France, or Spain “have been at an all time high.”

“Phishing campaigns are leveraging SVB’s recent collapse to impersonate the bank and its online services, with the intention of tricking victims into divulging their account information or login credentials,” said Ikan.

Ikan added that his firm had also noticed an increase in the registration of fake phishing domains in the US (88%), Spain (7%), France (3%) and Israel (2%), a rising trend it expects will continue.

More from Cybernews:

Key aerospace player leaks sensitive data

60GB Deutsche Bank data allegedly for sale on dark web

General Motors explores using ChatGPT in cars

LockBit boasts of breaching SpaceX contractor

Meta to wind down NFTs on platforms amid crypto bust

Subscribe to our newsletter