Thieves exploit the collapse of the SVB


The collapse of Silicon Valley Bank (SVB), which shook the financial world, is now, inevitably, being exploited by cybercriminals.

Threat actors are rushing to capitalize on the collapse by registering fake domains that resemble SVB, creating phishing pages, and attacking work email addresses.

The goal is to steal money outright or otherwise steal valuable data and spread malware that will eventually generate financial rewards for criminals through sales on the dark web or by blackmailing victims in a ransomware-like manner.

Multiple scams

SVB, once the 10th largest bank in the United States and on which nearly half of all tech startups depended, collapsed on March XNUMX after customers withdrew their funds at an unsustainable rate. The move was prompted by poor economic conditions that forced tech companies to shore up their finances.

It is the second largest bank failure in US history and has hit many sectors including technology, healthcare, private equity and even the wine industry.

According to a report by Johannes Ullrich, dean of research at the SANS Technology Institute, numerous suspicious domains were registered as a result of the incident, including login-svb.com and svbbailout.com.

Cyber intelligence firm Cyble also found the domains svbdebt.com and svbclaims.net, among others, in its report. These appeared on the same day that SVB went down and are running cryptocurrency scams by falsely claiming that SVB is reimbursing its clients with USDC payments.

Other crypto scams claim to be affiliated with Circle, the payment company that handles USDC payments and held €3.300 billion in SVB, taking advantage of uncertainty about the company's liquidity.

Domains like reded-circle.com and circle-reserves.com have been created and are only used to steal wallets and sensitive data.

Ullrich also warned that threat actors will likely attempt to contact those affected by the collapse, under the guise of offering support, legal services, loans, or the like.

One type of attack that has happened before is called Business Email Compromise (BEC). The scammers pretend to be former SVB customers and tell their own customers to send any upcoming payments to a new bank account, which is actually controlled by the threat actor.

Phishing scams are also taking place, with the domain cash4svb.com asking for the contact details of SVB clients under the guise of being an investment group and offering them money.

The advice for SVB customers is to watch for suspicious emails and domains related to SVB, especially those that mention changes to bank details. If possible, confirm payment changes over the phone instead of by email, as hackers can hijack email accounts.
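
As an added example (not from the article or the cited reports), this Python sketch triages an inbound message along the lines of that advice: it flags sender and link domains that contain SVB or Circle brand tokens, and wording that changes bank details. The token list, the allowlist (svb.com, circle.com), the regular expression and the sample message are assumptions constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Assumptions (not from the article): the brand tokens, the allowlist of
# legitimate domains, and the payment-change phrasing are illustrative.
BRAND_TOKENS = ("svb", "circle")
LEGIT_DOMAINS = {"svb.com", "circle.com"}
PAYMENT_CHANGE = re.compile(
    r"\b(new|updated|changed)\s+(bank|banking|payment|wire)\s+"
    r"(account|details|instructions)\b", re.I)
URL_HOST = re.compile(r"https?://([a-z0-9.-]+)", re.I)

def registrable(host):
    """Naive reduction to the last two labels (ignores suffixes like co.uk)."""
    return ".".join(host.lower().rstrip(".").split(".")[-2:])

def is_lookalike(host):
    domain = registrable(host)
    return domain not in LEGIT_DOMAINS and any(t in domain for t in BRAND_TOKENS)

def triage(raw_email):
    """Return brand-lookalike domains and whether bank details are being changed."""
    msg = message_from_string(raw_email)
    body = "\n".join(p.get_payload() for p in msg.walk() if not p.is_multipart())
    hosts = set(URL_HOST.findall(body))
    for header in ("From", "Reply-To"):
        addr = parseaddr(msg.get(header, ""))[1]
        if "@" in addr:
            hosts.add(addr.rpartition("@")[2])
    flagged = sorted({registrable(h) for h in hosts if is_lookalike(h)})
    payment_change = bool(PAYMENT_CHANGE.search(body))
    return {"lookalike_domains": flagged,
            "payment_change": payment_change,
            # Per the advice above: confirm by phone, not by replying.
            "verify_by_phone": payment_change or bool(flagged)}

# Constructed sample message; the flagged domain is one named in the article.
SAMPLE_BEC = """\
From: Billing <billing@vendor.example>
Subject: Updated remittance information

Because of the SVB closure, please send future payments to our new bank account.
Confirm the change here: https://login-svb.com/confirm
"""

print(triage(SAMPLE_BEC))
```

Substring matching on brand tokens will also flag unrelated domains that happen to contain "svb" or "circle", so treat hits as prompts for review rather than verdicts.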

The FDIC and the US Treasury have also issued advice for those affected by the SVB collapse.