The downfall of Silicon Valley Bank (SVB) on March 10, 2023, has caused instability all across the global financial system, but for hackers, scammers, and phishing schemes, it's evolving into a huge opportunity.
Security experts have already observed a variety of schemes that take advantage of the situation, which has severely hurt tech companies. Proofpoint researchers reported on Twitter that they have observed scammers sending fraudulent emails pertaining to a cryptocurrency company impacted by the failure of SVB.
On March 12, a considerable amount of domain names with the name SVB were registered. Threat actors are preparing for business email compromise (BEC) attacks by registering suspicious domains, creating phishing pages, and more. These operations seek to defraud targets by stealing money, account information, or malware.
A campaign using lures related to USDC, a digital stablecoin linked to the USD that was impacted by the SVB collapse, was found, as per Proofpoint. Fraudulent cryptocurrency businesses were defamed in messages sent through malicious SendGrid accounts that pointed users to URLs where they could claim their cryptocurrency.
A substantial KYC phishing campaign using SVB branding and a template with a DocuSign theme was found, as per Cloudflare. Within hours of the campaign's inception, 79 instances were where it was discovered. An assault that included HTML code with a first link that changed four times before linking to an attacker-controlled website was also intended at the company's CEO.
The HTML file used in the attack directs the user to a WordPress instance with the capacity to do the recursive redirection, however, it is unclear if this specific WordPress installation has been hijacked or if a plugin was set up to enable the redirect.
