Note: for background and email security advisements on this subject, see this post by Barracuda CTO Fleming Shi: Stay ahead of attackers trying to capitalize on recent bank failure
Cybercriminals have started new phishing campaigns that target organizations and individuals who were members of affected banks. Fraudulent messages are being sent in an attempt to trick victims into revealing personal/account information such as social security numbers, passwords, and account numbers. Barracuda SOC recommends providing end-users with email security awareness training, implementing email protection that includes artificial intelligence to prevent phishing attacks, and being extra vigilant before sharing any type of account information.
What is the threat?
Multiple banks have collapsed in recent weeks. During this heightened sensitivity, threat actors are using this as an opportunity to drive social engineering attacks. Phishing campaigns have been designed to take advantage of the banking crisis by impersonating cryptocurrencies, loan lenders, founders of financial teams, and more. Threat actors are pretending to be companies impacted by the bank failure incident and sending out phishing emails to extract users’ personal information.
Why is it noteworthy?
Threat actors are creating convincing fraudulent emails or text messages pretending to be a member of the collapsed bank and encouraging recipients to click links to re-activate frozen accounts or trick clients into transferring money to new accounts to recover funds. Finance employees are the most vulnerable as they have access to an organization’s banking information for billing/payments.
On March 10, 2023, Silicon Valley Bank failed, which was the largest failure of any bank since the 2007-2008 financial crisis and the second largest in U.S. history. Researchers are claiming threat actors might contact former clients/employees to offer fake services, such as loans, legal services, and more, to obtain personal account information. “An attack already seen in the wild is from BEC threat actors who are impersonating SVB customers and telling customers that they need payments sent to a new bank account after the bank’s collapse” (Bleeping Computer).
Cybercriminals behind “cash4svb.com” attempted to phish former SVB trade creditors’/lenders’ customers by promising to return between 65% and 85% to retrieve their contact information.
On March 13, 2023, it was observed that threat actors were hosting cryptocurrency scams as well. Customers were sent a “payback” program email; however, when customers clicked the “Click Here to Claim” button, it would attempt to compromise MetaMask, Exodus, and the Trust Wallet crypto wallets.
What is the exposure or risk?
The phishing campaigns/scams will continue to target organizations’ and individuals’ personally identifiable information and other account information that these bank entities own. Threat actors can steal customers’ information/identity, and steal money from the individual and organization, causing further compromise.
What are the recommendations?
Barracuda SOC recommends the following actions to limit the impact of a phishing attack:
- Provide end-user security awareness training
- Ignore emails from unusual domains
- Do not click links without verifying if it is legitimate
- Implement Email Protection
- Confirm with financial institutions if they are requesting bank account details via phone
References
For more in-depth information about the recommendations, please visit the following links:
- https://securityboulevard.com/2023/03/the-failure-of-silicon-valley-bank-is-a-ground-shaking-crisis-and-a-cybersecurity-red-alert/
- https://www.bleepingcomputer.com/news/security/cybercriminals-exploit-svb-collapse-to-steal-money-and-data/
- https://www.cybersecuritydive.com/news/bank-failure-panic-fuel-threats/644949/
- https://cyberprotection-magazine.com/bank-collapse-drives-phishing-attacks
- https://nwi.life/article/bank-failure-phishing-scams/
This Cybersecurity Threat Advisory was originally published at SmarterMSP.
Note: for more background and email security advisements on this subject, see this post by Barracuda CTO Fleming Shi: Stay ahead of attackers trying to capitalize on recent bank failures
