Cybercriminals are capitalizing on the failures of
The Internet Storm Center, a group that monitors malicious internet activity,
Not all of those newly created websites are outright scams, the center said, but for every one that isn't, there is likely another scam site that does not contain "SVB" but impersonates Signature Bank or another entity that has been in headlines this week.
For cybersecurity experts, this flood of potential scams is hardly a surprise. Any big news creates an opportunity for fraudsters to spin a new narrative in a phishing campaign, and fraudsters have a playbook they can follow to take advantage.
"There is a blueprint when something like this happens, and it often kicks off with registration of new domains," said Ashley Allocca, senior intelligence analyst for threat intelligence company Flashpoint.
What made this episode different is the amount of money at stake. At Silicon Valley Bank, deposits that were under the insurance limit of $250,000 accounted for just 2.7% of the company's total deposits, according to a research note from RBC Capital Markets analyst Gerard Cassidy.
Not only is there a lot of money to make off scams centered on these bank failures, but it doesn't take a lot of technical acumen to launch such a campaign, according to Allocca. This means a flood of scams is likely to hit these customers, and that flood is likely to last as long as the headlines on bank failures and rescues last.
The tail on these attacks is likely to be long, but the greatest threats are in the short-term, according to Ilia Kolochenko, CEO of application security company ImmuniWeb.
"We'll certainly see some echo during the next 12 to 36 months, but probably the most dangerous activities will happen during the next two, three weeks," Kolochenko said.
Although customers are the largest group who should be concerned about phishing campaigns launched in the wake of these bank failures, people with privileged access to account and customer information — bank employees, vendors, regulators, and others — also need to keep their guards up for potential business email compromises and related attacks.
One way institutional actors can mitigate their risk is by reducing the urgency employees face, according to Chris Pierson, CEO of cybersecurity company BlackCloak. Urgency is a key factor in any successful impersonation campaign, so giving potential victims a way to escape that urgency could help them see clearly and better spot fraudulent messages.
Pierson invoked the example of the
With such protections, Pierson said, employees are better prepared to detect and report that something is wrong if, say, a fraudster impersonating a superior tries to pressure the employee to do something uncharacteristic like disclose sensitive information in an email.
Regardless of the specific events, though, threat actors will always look to update their phishing campaigns to keep up with the latest news and keep their campaigns relevant and believable, according to Flashpoint's Allocca.
"These actors are always going to try to reinvigorate their campaigns with whatever is coming next," Allocca said. "A lot of that infrastructure for that attack is already there. It'll be interesting to see how long it goes and the different variances in these types of campaigns."
