An Overview of Silicon Valley Bank Themed Social Engineering
Researchers at ReliaQuest warn that organizations should continue to be on the lookout for social engineering attacks related to Silicon Valley Bank (SVB).
“Not ones to procrastinate, cybercriminals have already begun exploiting SVB’s collapse,” the researchers write. “Phishing scams impersonating the bank have been observed targeting cryptocurrency users. Attacks have also been observed impersonating financial services companies, promising cryptocurrency users a payout because of the collapse.”
The researchers note that attacks themed around SVB will likely be more targeted and focused on financial employees and executives working for the bank’s corporate customers.
“We’ve been monitoring cybercriminal forums for reaction to the event,” the researchers write. “At the time of writing, reaction has been limited—SVB was not a retail bank, so cybercriminals are less likely to have premade phishing kits ready to impersonate SVB. However, for at least some cybercriminals, interest has been piqued: one forum user noted that the collapse leaves former customers vulnerable to targeting.”
ReliaQuest has observed chatter on criminal forums surrounding the situation, with one crook stating that this is “a good time to target the banks [sic] clients,” since they’re “probably looking to take out the money asap.” This will likely lead to business email compromise (BEC) attacks.
“In BEC attacks, threat actors impersonate, or sometimes compromise, employee email addresses to trick other employees into transferring them money,” the researchers write. “High-ranking employees, like CEOs or CFOs, are particularly likely to be impersonated. With former SVB clients currently finding new banks and conducting large-scale money transfers, they are particularly at risk.”
The researchers conclude that organizations, particularly those that have worked with SVB, should warn their employees to be on high alert for these types of attacks.
“BEC campaigns instill a sense of urgency around money transfers,” ReliaQuest explains. “They can be difficult to identify for victims, particularly when email accounts have been hijacked. Individuals responsible for making financial payments should be aware of common BEC tactics and should ensure payment requests are valid before transferring funds. Companies should inform employees of their business relationship with SVB and give employees instructions on how to verify whether emails are legitimate.”
New-school security awareness training can enable your employees to thwart targeted social engineering attacks.