Cybercriminals have been found exploiting the recent crisis at the Silicon Valley Bank (SVB) Cybersecurity experts and security firms have reported that scammers are actively searching for potential victims who were affected by SVB's collapse and using different techniques from phishing scams and fake domains to BEC attacks.
Suspicious domains
Researchers have discovered that threat actors have already registered suspicious domains and web pages to carry out attacks.
- According to Cyble, several dubious websites, including svbcollapse[.]com, svbclaim[.]com, svbdebt[.]com, svbclaims[.]net, login-svb[.]com, and Svbbailout[.]com, have emerged, among others.
- The most significant number of domain names registered containing the name SVB occurred on March 12.
- Through this, actors request personal information of individuals, such as their name, mobile number, email, and balance amount to process a claim.
BEC and crypto scams
In addition to registering suspicious domains, threat actors are also conducting various other scams. Researchers have identified several cryptocurrency scams where phishing sites have established false USDC reward programs.
- In BEC scams, some customers have reported receiving new non-SVB account details from their existing vendors to facilitate payments.
- Proofpoint reported that it had identified a campaign that used lures related to USDC, a digital stablecoin tied to the USD that was affected by the SVB collapse. Malicious SendGrid accounts sent messages that impersonated cryptocurrency brands and directed victims to URLs where they could claim their crypto.
- In another scenario, criminals spoofed fintech company Circle, which issues USDC, with a lure promising 1:1 USDC to USD redemption, as soon as Circle announced that it had cash reserves in SVB.
Phishing for more
Cloudflare reported that it had discovered a significant KYC phishing campaign utilizing SVB branding in a DocuSign-themed template. The campaign was detected 79 times within hours of its launch.
- Matthew Prince, Founder and CEO of the company, was also targeted with an attack that contained HTML code with an initial link that redirected four times, eventually leading to a website controlled by the attackers.
- The HTML file included in the attack sends the user to a WordPress instance with recursive redirection capability, but it is unknown whether this particular WordPress installation has been compromised or a plugin was installed to enable the redirect.
In a nutshell
The SVB collapsing incident comes as a huge opportunity for fraudsters who are not only targeting its customers but everybody involved in transactions with different entities. Researchers surmise that the SVB collapse will have a prolonged impact on the organizations and more sophisticated scams might appear. It is recommended that SVB clients stay vigilant and directly contact the vendors before changing any account information.
Publisher
/https://cyware-ent.s3.amazonaws.com/image_bank/12ec_shutterstock_687323650.jpg)
/https://cyware-ent.s3.amazonaws.com/image_bank/af3b_shutterstock_783541222.jpg)
