The Massachusetts State Police Commonwealth Fusion Center (CFC) believes that cyber actors may use the current bank failures for future phishing and business email compromise (BEC) attacks. Cyber actors often use current events as cover to make their phishing campaigns seem more believable and relevant. As everyone now knows, Silicon Valley Bank (SVB) became one of the largest banks to fail since the 2008 financial crisis. More recently, First Republic Bank also failed. Due to the widespread attention these stories are receiving, cyber security professionals believe this will lead to phishing and BEC attacks utilizing SVB and/or First Republic Bank lures. These lures could include legal services, loans, financial aid, bank information, potential lawsuits, account access, new bank ownership information, or anything related to bank failure.
Spear Phishing – Spear-phishing attacks are designed to target a specific person or organization. Spear phishing is primarily done through email but can also occur through text or phone call. Cyber actors can tailor their phishing campaign directly to SVB or First Republic Bank customers. These bad actors could try to manipulate customers of the failed or threatened banks by claiming they can provide them special deals, financial aid, banking assistance, account reset, or any other enticing offer. This could lead to victims providing sensitive information (bank account, SSN, routing number, etc.) or downloading malicious files to their network.
Business Email Compromise (BEC) – BEC targets organizations that conduct wire transfers. BEC attackers tend to target specific people within an organization based upon their influence and/or job capabilities (HR representatives, finance personnel, executives, etc.). BEC attackers rely heavily on social engineering to trick employees and high-ranking officials into unknowingly assisting with their malicious goals (e.g., authorizing financial transactions, releasing sensitive information, granting privileges to databases, changing routing instructions, etc.). Instead of targeting individual SVB and First Republic Bank customers, bad actors could target companies and businesses that utilize those banking institutions.
Vendor Email Compromise (VEC) is a specialized form of a BEC attack that involves scammers impersonating a company’s vendor. VEC is an attack that uses stolen information from one organization to defraud another business or individual, typically by impersonating a vendor and requesting a change to banking information. Bad actors could use the banking failures to deceptively notify companies that their vendor is changing financial institutions, routing numbers, or how they conduct financial transactions. This could lead to companies mistakenly sending payments directly to malicious cyber actors.
Typo-Squatting – Typo-squatting is when malicious actors create fraudulent websites that are designed to look similar to legitimate domains. These websites usually have similar addresses or minuscule typos that unsuspecting victims may overlook. Within days of the initial SVB news, there was a dramatic increase in registered domain names that include “SVB.” These newly registered domains could be used to trick unsuspecting victims into providing sensitive information or potentially downloading malicious files. Because they are similar in name, these potentially fraudulent websites could be accidentally accessed by people searching for the authentic SVB and First Republic Bank websites:
Source: “SANS Internet Storm Center,” Accessed 16 March 2023
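One way a defender could screen a feed of newly registered domains for the lookalikes described in the typo-squatting section, as an added example that is not part of the original bulletin. The legitimate domains, keyword list, typo targets, and sample feed are assumptions constructed for illustration.

```python
# Added example: screen newly registered domains for bank-themed lookalikes.
# LEGIT, KEYWORDS, TYPO_TARGETS and SAMPLE_FEED are assumptions constructed
# for illustration; replace them with your own brands and registration feed.

LEGIT = {"svb.com", "firstrepublic.com"}
KEYWORDS = ("svb", "firstrepublic", "siliconvalleybank")
# Edit-distance matching is limited to long names: a 3-letter name such as
# "svb" is within two edits of thousands of unrelated domains.
TYPO_TARGETS = ("firstrepublic", "siliconvalleybank")
MAX_EDITS = 2

def edit_distance(a, b):
    """Levenshtein distance using two rolling rows."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify(domain):
    """Return a reason string if the domain looks like a lure, else None."""
    d = domain.strip().lower().rstrip(".")
    if d in LEGIT or any(d.endswith("." + real) for real in LEGIT):
        return None                      # the real site or one of its subdomains
    label = d.split(".")[0].replace("-", "")   # feed entries are name.tld
    for kw in KEYWORDS:
        if kw in label:
            return "keyword:" + kw
    for target in TYPO_TARGETS:
        if 0 < edit_distance(label, target) <= MAX_EDITS:
            return "typo:" + target
    return None

def screen(feed):
    """Map each suspicious domain in the feed to the rule that flagged it."""
    return {d: r for d in feed if (r := classify(d))}

SAMPLE_FEED = [                          # constructed sample data
    "svb-claims-help.com", "firstrepublc.com", "login-firstrepublic.net",
    "siliconvaleybank.info", "svb.com", "online.firstrepublic.com",
    "example-bakery.org",
]

if __name__ == "__main__":
    for name, reason in screen(SAMPLE_FEED).items():
        print(f"{name}\t{reason}")
```

Keyword hits on a short string such as "svb" will include unrelated registrations, so treat the output as a triage queue for analyst review rather than a blocklist.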
For strategies to avoid these types of attacks, check out our webinar on BEC by Chris Hart and Yoni Bard.