The collapse of Silicon Valley Bank (SVB) late last week sent tremors through the global financial system, creating opportunities for short-sellers – and numerous species of scammer.
According to various researchers and security firms, threat actors are already out hunting for SVB-exposed prey through both passive and active phishing scams, including similar fake domains and business email compromise (BEC) attacks.
Johannes Ullrich, dean of research at SANS Technology Institute, clocked a rapid increase in the number of domain registrations containing the term “SVB” since the March 10 collapse.
“Over the weekend, we saw a number of domain registrations tracking the Silicon Valley Bank failure (for example svblogin.com, loginsvg.com and such),” he wrote on LinkedIn.
“We also got reports that former SVB customers are sending simple emails to update their vendors with new ACH [automated clearing house] account information. Please stop that. Just a matter of time for the bad guys to spoof emails like that (if they don’t already do it).”
Ullrich also noted that SVB’s failure has some attractive features for scam operators: money, urgency and uncertainty.
“For many, it isn’t clear how to communicate with SVB, what website to use, or what emails to expect (or where they will come from)” wrote Ullrich.
Ullrich isn’t the only one noticing an increase in SVB-referencing domain registrations.
New domain registrations relating to Silicon Valley Bank are emerging. Some could be #phishing campaigns. Listed below is what we’re seeing now. Keep in mind not all are