Beware of Scammers: SVB's Collapse is an Opportune Time for them

The collapse of Silicon Valley Bank (SVB) has triggered a wave of phishing and business email compromise (BEC) attempts around the globe as cybercriminals seek to exploit the situation for their own ends. SVB, which held an estimated $200 billion in assets, was a key financier of tech start-ups and its collapse has caused anxiety among corporate customers worried about how to pay their bills if they cannot access their assets. Scammers are using classic social engineering techniques, such as using a breaking news story to lure the recipient in, spoofing SVB or other brands to gain recipient trust, creating a sense of urgency, and including malicious links/attachments to harvest information or steal funds.

Some phishing attempts have focused on stealing the details of SVB customers, possibly to sell on the dark web or to create a phishing list of targets for future scams; others have embedded more sophisticated methods of stealing cash from victims. For example, one effort uses a fake reward program from SVB claiming that all holders of stablecoin USDC will get their money back if they click through; however, the QR code the victim is taken to will compromise their cryptocurrency wallet account.

This news event is also providing the perfect conditions for BEC attacks to flourish. Finance teams are going to be legitimately approached by suppliers that previously banked with SVB and have now switched financial institutions. As a result, they need to update their account details. Attackers could use this confusion to impersonate suppliers with modified account payee details. Some of these attacks may be sent from spoofed domains, but others may be more convincing, with emails sent from legitimate but hijacked supplier email accounts. Organizations without sufficient fraud checks in place could end up mistakenly sending money to scammers.

To stay safe from the scammers, individuals and organizations should be cautious about unsolicited messages received by email, SMS, social media, etc.; try to independently verify them with the sender before deciding whether to reply; not download anything from an unsolicited message, click on any links, or hand over sensitive personal information; look for grammatical mistakes, typos, etc., that can indicate a spoofed message; switch on two-factor authentication (2FA) for all online accounts; use strong and unique passwords for all accounts, ideally stored in a password manager; regularly patch or switch on automatic updates for all devices; report anything suspicious to the corporate security team; and ensure they have up-to-date security software on all their devices from a reputable provider.

Importantly, both individuals and organizations should update payment processes so that large wire transfers must be signed off by multiple employees. Corporations should also run continuous, regular phishing training exercises for all staff, including simulations of currently trending attacks; consider gamification techniques that may help reinforce good behaviors; build BEC into staff security awareness training; and invest in advanced email security solutions that include anti-spam, anti-phishing, and host server protection to prevent threats from even reaching their targets. Everyone must be on the lookout for unexpected emails or calls, especially those coming from a bank and requiring urgent action. Never click a link and input banking login credentials or give them over the phone at any time. To access banking information, individuals should use their bank’s official website.
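
The payment controls described above (fraud checks on supplier requests that change account details, and multi-person sign-off on large transfers) can be expressed as a release gate. The sketch below is an added example, not part of the original article; the vendor record, domains, account numbers, field names and the 10,000 threshold are constructed assumptions.

```python
from dataclasses import dataclass, field

# Constructed vendor master data; domains and account numbers are made up.
VENDORS = {"acme": {"domains": {"acme-supplies.example"}, "account": "GB00-1111"}}
LARGE_TRANSFER = 10_000  # assumed threshold for dual sign-off


@dataclass
class PaymentRequest:
    vendor: str
    sender_domain: str      # domain of the email that asked for payment
    account: str            # payee account named in the request
    amount: float
    requester: str
    approvers: set = field(default_factory=set)
    callback_verified: bool = False  # confirmed by phone on a number already on file


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, used to spot near-miss (spoofed) domains."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def hold_reasons(req: PaymentRequest, vendors=VENDORS) -> list:
    """Return the reasons a payment must be held; an empty list means release."""
    record, reasons = vendors[req.vendor], []
    if req.sender_domain not in record["domains"]:
        near = [d for d in record["domains"] if edit_distance(d, req.sender_domain) <= 2]
        reasons.append("lookalike sender domain" if near else "unknown sender domain")
    # A hijacked supplier mailbox passes the domain check, so changed bank
    # details are held until verified out of band, whatever the sender.
    if req.account != record["account"] and not req.callback_verified:
        reasons.append("bank details changed without callback verification")
    independent = req.approvers - {req.requester}
    if req.amount >= LARGE_TRANSFER and len(independent) < 2:
        reasons.append("large transfer needs two independent approvers")
    return reasons
```

The second check is the one that matters for requests sent from a legitimate but hijacked supplier account, since those pass any sender-domain test.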
