The collapse of the Silicon Valley Bank (SVB), which rocked the financial world, is now inevitably exploited by cybercriminals.
Threat actors are clamoring for the benefit of the downfall, registering fake domains similar to SVB, creating phishing pages, and attacking business email addresses.
The goal is to directly steal money, or otherwise steal valuable data and distribute malware that will ultimately lead to financial rewards for criminals through dark web sales or by blackmailing victims, similar to ransomware.
SVB, once the 16th largest bank in the US and on which nearly half of all venture-back tech startups depended, collapsed on March 10 after customers withdraw their money at an unsustainable rate. The move was triggered by the poor economic conditions that forced tech companies to strengthen their finances.
It is the second largest bank failure in US history and has impacted many industries, including technology, healthcare, private equity and even the wine industry.
In a report (opens in new tab) Johannes Ullrich, Dean of Research at the SANS Technology Institute, registered numerous suspicious domains in the aftermath of the incident, such as login-svb.com and svbbailout.com.
Cyber intelligence agency Cycle (opens in new tab) found in its report the domains svbdebt.com and svbclaims.net, among others. These were recorded on the same day SVB went bankrupt and perpetrate cryptocurrency scams by falsely claiming that SVB refunds its customers with USDC payouts.
Other crypto scams pretend to be affiliated with Circle, the payments company that manages USDC payments and had $3.3 billion in SVB, taking advantage of uncertainty about the company’s liquidity right now.
Domains such as redeemed-circle.com and circle-reserves.com have been created and are only out to steal wallets and sensitive data.
Ullrich also warned that threat actors are likely to try to contact those affected by the collapse, under the guise of offering support, legal services, loans or the like.
One type of attack that has already occurred is called a Business Email Compromise (BEC). Scammers pretend to be former SVB clients and in turn tell their clients to transfer any incoming payments to a new bank account, which is actually controlled by the threat actor.
Phishing scams are also being carried out, where the domain cash4svb.com asks for contact details of SVB clients under the pretense of being an investment group and offers them cash.
The advice to SVB customers is to watch out for suspicious e-mails and domains related to SVB, especially the mentioned changes in bank details. If possible, confirm payment changes by phone instead of email, as email accounts can be hijacked by threat actors.
The FDIC (opens in new tab) and the US Treasury (opens in new tab) have also issued advice to those affected by the bankruptcy of the SVB.