The SVB collapse is being exploited by scammers

News
By Lewis Maddison
published

Fake domains, crypto scams and BEC attacks are rearing their ugly heads

Person typing
(Image credit: Shutterstock)

The collapse of the Silicon Valley Bank (SVB), which has rocked the financial world, is now inevitably being exploited by cybercriminals. 

Threat actors are clamoring to gain from the downfall, with fake domains being registered resembling SVB, phishing pages created and attacks on business email addresses.

The aim is to steal money directly, or otherwise to steal valuable data and spread malware that will eventually lead to financial rewards for criminals via dark web sales or by blackmailing victims in a similar vain to ransomware

Multiple scams

SVB, once the 16th largest bank in the US and depended upon by almost half of all venture-back tech startups, collapsed on March 10 after customers withdrew their funds at an unsustainable rate. The move was triggered by the poor economic conditions that forced tech firms to shore up their finances.

It is the second-largest bank failure in US history, and has affected those in many industries, including those in tech, healthcare, private equity and even the wine industry.

read more

> Healthcare and finance are at serious risk with their cloud adoption


> Google Cloud is making changes to help startups grow


> Mozilla is offering $35 million to ‘responsible’ startups

In a report by Johannes Ullrich, Dean of Research for SANS Technology Institute, numerous suspicious domains have been registered in the wake of the incident, such as login-svb.com and svbbailout.com.

Cyber intelligence firm Cyble also found in its report the domains svbdebt.com and svbclaims.net, among others. These were registered on the very same day SVB went down, and are perpetrating cryptocurrency scams by falsely claiming that SVB is reimbursing its customers with USDC pay-outs. 

Other crypto scams are pretending to be affiliated with Circle, the payments firm that manages USDC payments and had $3.3 billion in SVB, taking advantage of the uncertainty over the firms liquidity now. 

Domains such as redeemed-circle.com and circle-reserves.com have been created, and are merely out to steal wallets and sensitive data. 

Ullrich also warned that threat actors will likely attempt to contact those affected by the collapse, under the guise of offering support, legal services, loans or similar. 

An attack type that has already taken place is called a business email compromise (BEC). Scammers are pretending to be former SVB customers and telling their customers in turn that they need to send any payments that may be incoming to a new bank account, which is actually controlled by the threat actor.

Phishing scams are also being run, with the domain cash4svb.com asking for SVB customer contact info under the pretense of being an investment group and offering cash to them.

The advice to SVB customers is to look out for suspicious emails and domains related to SVB, especially those mentioned changes in bank details. Confirm payment changes by phone if possible rather than email, as email accounts can be hijacked by threat actors. 

The FDIC and US Treasury have also issued advice to those affected by the SVB collapse.

Lewis Maddison
Lewis Maddison
Staff Writer

Lewis Maddison is a Staff Writer at TechRadar Pro. His area of expertise is online security and protection, which includes tools and software such as password managers. 


His coverage also focuses on the usage habits of technology in both personal and professional settings - particularly its relation to social and cultural issues - and revels in uncovering stories that might not otherwise see the light of day.


He has a BA in Philosophy from the University of London, with a year spent studying abroad in the sunny climes of Malta.