Fear and herd mentality are what drove depositors to withdraw US$42 billion in a single day from Silicon Valley Bank (SVB) in a classic bank run.
When bank customers and clients saw other individuals and organizations run for the exit, they also raced to pull out their cash at the same time. This rush for safety of their deposits sealed SVB’s failure, but it is also likely to become a fertile ground for cyber criminals.
Surge in registered domains referencing SVB
Between March 6 and 12, 2023, information technology security services provider ReliaQuest observed “95 new domains likely impersonating SVB, none of which are registered to registrars previously used by SVB. This is an 11x increase in comparison to the rolling average of potential impersonating domains over the past three months.”
The domains potentially impersonate legitimate services of the beleaguered bank, such as customer support, and also include examples of typo-squatting.
Typo-squatting is a form of cybercrime, also known as URL hijacking or a fake URL, where cyber scammers register a common misspelling of another organization's domain as their own (for example, goggle.com instead of google.com). They rely on mistakes such as slight misspellings made by a user when inputting a website address into a browser to lead them to the typo-squatter’s site instead, where the user can be tricked into revealing sensitive data, including login credentials, credit card numbers or bank account details.
“Although these domains aren’t hosting content at the time of writing, they may be placeholders for future threats. Impersonating domains are often used in phishing attacks. They can be used to increase the legitimacy of phishing emails, to encourage victims to click on malicious links, or to create fake login pages to capture banking—or other—credentials”, cautions ReliaQuest.
Increase in phishing and business email compromise attacks
Colossal money, the involvement of banks, fear and a sense of urgency can fuel the next big opportunity for bad actors and result in targeted cybercrimes.
In response to an anticipated phishing and business email compromise (BEC) attack wave due to the failure of SVB and Signature Bank, America’s cyber defence agency, the Cybersecurity & Infrastructure Security Agency (CISA) warned businesses and consumers to “Exercise caution in handling emails with bank-related subject lines, attachments, or links. In addition, be wary of social media pleas, texts, or door-to-door solicitations relating to any failed bank.”
Phishing attacks can come from emails appearing to originate from a well-known bank or credit union, or perhaps from Federal Deposit Insurance Corporation (FDIC)—using the guise of verifying customer fund security to request that users submit confidential banking information or account details, download or open a malicious attachment, or click a fraudulent link that will take them to a site that looks like the bank’s site but is actually fake, to net significant information and sums of money from the unsuspecting user. These attacks can also be carried out by text messages (smishing) or by using the phone (vishing).
CEOs, finance chiefs and corporate treasurers, which often have access to an organization’s banking, billing and payments information, are a favoured target for hackers conducting business email compromise attacks and are likely to be impersonated. “With former SVB clients currently finding new banks and conducting large-scale money transfers, they are particularly at risk”, reckons ReliaQuest.
With the collapse of SVB, massive amounts of funds are being wired into new accounts that are being set up, even as organizations are operating with a sense of urgency to get money transferred. Cyber criminals aware of such urgency in funds transfers can pose as a trusted source to coax a victim (finance or treasury professional) into wiring money or redirecting payments to an ostensible new account at a new bank controlled by the scammer.
Steps to defend against cyber threats
Whatever the resolution of the recent bank failures, protecting an organization’s data and assets from cyber criminals is of paramount importance.
The following are key measures to block cyber threats that may arise in the wake of banking collapses – now and in the future:
- Arming employees in high-risk departments (finance, treasury and human resources) with adequate security training (securetreasury.com).
- Increasing employee awareness around better understanding of fake communications (scrutinizing for spoofed email addresses and fake emails) with regard to banking and stakeholder relationships.
- Exercising caution when wiring funds.
- Avoiding making account changes over email.
- Refraining from responding to urgent or immediate call to action or threats.
- Encouraging team members to seek out reliable sources of information.
- Preventing unverified applications and attachments from being downloaded to corporate devices.
In conclusion, in times of fear, uncertainty, panicky responses and turmoil, cyber attacks proliferate because scammers look for a new angle to exploit the chaos. For now, remaining vigilant with financial transactions and taking the proactive steps suggested above to defend against cyber threats arising from recent bank failures should be among the top finance and treasury priorities.
Like this item? Get our Weekly Update newsletter. Subscribe today