The SVB collapse is being exploited by scammers

Person typing
(Image credit: Shutterstock)

The collapse of the Silicon Valley Bank (SVB), which has rocked the financial world, is now inevitably being exploited by cybercriminals. 

Threat actors are clamoring to gain from the downfall, with fake domains being registered resembling SVB, phishing pages created and attacks on business email addresses.

The aim is to steal money directly, or otherwise to steal valuable data and spread malware that will eventually lead to financial rewards for criminals via dark web sales or by blackmailing victims in a similar vain to ransomware

Multiple scams

SVB, once the 16th largest bank in the US and depended upon by almost half of all venture-back tech startups, collapsed on March 10 after customers withdrew their funds at an unsustainable rate. The move was triggered by the poor economic conditions that forced tech firms to shore up their finances.

It is the second-largest bank failure in US history, and has affected those in many industries, including those in tech, healthcare, private equity and even the wine industry.

In a report (opens in new tab) by Johannes Ullrich, Dean of Research for SANS Technology Institute, numerous suspicious domains have been registered in the wake of the incident, such as and

Cyber intelligence firm Cyble (opens in new tab) also found in its report the domains and, among others. These were registered on the very same day SVB went down, and are perpetrating cryptocurrency scams by falsely claiming that SVB is reimbursing its customers with USDC pay-outs. 

Other crypto scams are pretending to be affiliated with Circle, the payments firm that manages USDC payments and had $3.3 billion in SVB, taking advantage of the uncertainty over the firms liquidity now. 

Domains such as and have been created, and are merely out to steal wallets and sensitive data. 

Ullrich also warned that threat actors will likely attempt to contact those affected by the collapse, under the guise of offering support, legal services, loans or similar. 

An attack type that has already taken place is called a business email compromise (BEC). Scammers are pretending to be former SVB customers and telling their customers in turn that they need to send any payments that may be incoming to a new bank account, which is actually controlled by the threat actor.

Phishing scams are also being run, with the domain asking for SVB customer contact info under the pretense of being an investment group and offering cash to them.

The advice to SVB customers is to look out for suspicious emails and domains related to SVB, especially those mentioned changes in bank details. Confirm payment changes by phone if possible rather than email, as email accounts can be hijacked by threat actors. 

The FDIC (opens in new tab) and US Treasury (opens in new tab) have also issued advice to those affected by the SVB collapse.

Lewis Maddison
Graduate Junior Writer

Lewis Maddison is a Graduate Junior Writer at TechRadar Pro. His coverage ranges from online security to the usage habits of technology in both personal and professional settings.

His main areas of interest lie in technology as it relates to social and cultural issues around the world, and revels in uncovering stories that might not otherwise see the light of day.

He has a BA in Philosophy from the University of London, with a year spent studying abroad in the sunny climes of Malta.