But last week, concerns about the bank’s liquidity amidst a downturn in its financial investments quickly spiraled into an existential crisis. After a debilitating run on deposits snowballed on Thursday, federal regulators took over the institution on Friday and froze its remaining assets.
It’s alarming—in fact, a true crisis—that an institution like this bank failed. The federal government rushed over the weekend to seek potential buyers to absorb SVB and ensure the continuity of its essential services, while also announcing a guarantee that all depositors will be made whole. Both actions ultimately are reassuring, but it exposes just how serious the consequences of failure would be for the bank’s customers and the economy as a whole.
Too many of its technology clients would quickly run out of cash, jeopardizing operations, payroll, and countless contractual obligations. These companies desperately began looking for a new bank, and scrambling to ensure that customers and partners send payments to new accounts at other institutions.
The news may well have outpaced this summary. But this crisis is a dramatic illustration of a truism in the world of cybersecurity: fear and chaos create a perfect storm for fraud. Criminals and fraudsters are absolutely mercenary and see opportunity in the aftermath of events such as the collapse of SVB. They see an opportunity to make a quick buck in an environment of uncertainty, shifting events, and panicky responses.
Cybercriminals already are jumping aggressively to exploit company and investor fears as they scramble to transfer funds to safer harbors. Let’s examine some of the ways bad actors engineer scams at these moments, and how security organizations and executive leaders should be vigilant during this crisis.
Attack Vectors and Scams in the Aftermath of SVB’s Fall
Phishing and smishing attacks targeting SVB customers
Cybercriminals may create fraudulent emails or text messages posing as the collapsed bank, claiming that the recipient's account has been frozen and urging them to click on a link to re-activate it. Or they may instruct target clients to transfer money to a "new account" to avoid loss of funds. These emails will contain convincing details, such as the bank's logo, a known account executive's name, and links to convincing but counterfeit websites (including virulently effective reverse proxies) that trick clients into transferring money to the scammer's account or that steal login credentials, personal and account information, and other data.
Business Email Compromise (BEC) scams exploiting the news
Cybercriminals will impersonate CFOs and other company executives to trick employees to redirect payments to an ostensible “new account at our new bank” controlled by the fraudster. This already is occurring in the wild—a colleague received an email supposedly from a tech company accounts receivable team asking to be paid at a different bank account number due to the SVB collapse. A fraudulently misdirected wire transfer could lead to catastrophic loss.
Account Takeover (ATO) attacks on banking or fintech sites and apps
Cybercriminals may exploit previous data breaches or phishing scams to attempt both targeted and volumetric, bot-driven credential stuffing to gain unauthorized access to accounts. Once inside, they can initiate fraudulent transactions, transfer funds, or steal sensitive information. Banking, payments, and fintech sites and apps may be particularly targeted during this period. It’s crucial that businesses in this sector are prepared to block account take-overs and other automated attacks that are sure to spike during this period of increased chaos in the market.
Spear phishing and social engineering attacks hijacking fears about SVB
Let’s face it: with a con-artist’s touch and savvy technical skills, cybercriminals can accomplish all manner of fraud. Consider how a fraudster might use spear phishing or other social engineering methods that leverage the SVB news as a pretext to gain access to devices and accounts to install malware including ransomware, keyloggers, or RATs to infect an organization’s systems, acquire login credentials, initiate fraudulent transactions, or exfiltrate all manner of sensitive information. Now is a perfect time to focus on your team’s security awareness training to be extra alert to the methods bad actors use to win their trust.
Whatever the ultimate resolution of the SVB institution and the banking economy, take care in the coming days and weeks to protect your business and employees against what will certainly be a tsunami of attacks seeking to hijack fear and uncertainty.
It is an unfortunate reality that cybercriminals attempt to capitalize on any instance of tragedy or uncertainty. If you have yet to do so, now is the time to expand your cyber “toolkit” to prepare for any potential cyberattacks, to include social engineering and ATOs. Ask your security teams and vendors to give you a clear plan for response and make sure they treat it like the DEFCON-level incident it is. Your adversaries aren’t waiting.
Understanding the threat is often half the battle. Arkose Labs has a library of resources that you can use to gain more insight into popular cybercriminal tactics. If you would like to have a chat with us, please don’t hesitate to do so.