How Cybercriminals Exploit Bank Failures to Steal Money & Data

How Cybercriminals Exploit Bank Failures to Steal Money & Data

First it was Silicon Valley Bank, and then it was Signature Bank – the news of these two major bank failures has sent shockwaves of concern in the United States and globally that we’re inching closer to a recession. Given the prolonged, high levels of inflation we’ve seen recently and reports that other financial institutions, such as Credit Suisse and First Republic are struggling, it’s easy to understand why people are worried.

It’s in moments fueled by uncertainty and panic, such as these, that cyber scammers thrive. For them, tragedy and bad news present an opportunity to prey on people’s emotions. In fact, according to Cyble Research and Intelligence Labs, since the recent bank collapses, many suspicious web domains have surfaced, including:

  • svbcollapse[.]com
  • svbclaim[.]com
  • svbdebt[.]com
  • svbclaims[.]net
  • login-svb[.]com
  • svbbailout[.]com
  • svb-usdc[.]com
  • svb-usdc[.]net
  • svbi[.]io
  • banksvb[.]com
  • svbank[.]com
  • svblogin[.]com
In light of recent events, everyone needs to be aware about potential scams, but especially individuals and organizations that were clients of these banks. Here’s what you need to know about how bad actors design scams in moments of crisis, and what you can do to stay vigilant.

The Scams

Bad actors are using the current market environment to push out a wave of attacks surrounding the financial space, including phishing, spear phishing, social engineering, and business email compromise.

Scammers have been creating deceitful emails and texts posing as the collapsed banks, telling recipients of these messages that their funds have been frozen to create a sense of urgency. Bad actors may also pretend to be someone from your organization, such as the CEO, impersonating them via email, text, or social media. They have also been reaching out to people under the guise of providing legal services, loans, support packages, or other fake services related to the bank’s collapse.

Scammers might then ask the targeted person to do several things, including the following:

  • Click on a compromised link.
  • Provide personal information, such as name, phone number, email, account balance, login credentials, and other data.
  • Transfer money to a new account to avoid the loss of funds, when in reality the funds would get transferred to the scammer’s account.

Cybercriminals are savvy, using their technical and investigative skills to craft personalized messages so that they’re able to gain a person’s trust for their benefit. Their communications will often contain convincing details, such as the bank’s logo, a plausible web domain, and a known executive’s name to obtain that trust.

Bad actors say also choose to exploit their winnings from previous phishing scams or data breaches to attempt targeted, volume driven credential stuffing to gain access to accounts. In the midst of so many developing events, be on the lookout for suspicious transactions and transfers.

Our Recommendations

Though cybercriminals are innovative and persistent with their attacks, being educated and prepared is a viable line of defense against their tactics. Here are some indispensable cybersecurity best practices you and your employees should follow at all times, but especially in times of turmoil:

  • Continuously train and educate employees to be able to identify and report threats, like phishing or unsafe, suspicious URLs.
  • Confirm the authenticity of links or email attachments before opening them, preferably via a verified phone number, as an email account may be compromised. It is always best to visit the verified website to ensure that you are calling the correct number, and not an impersonated one that may be in the email.
  • Don’t download files from unknown websites.
  • Employ Multi-factor Authentication for all users.
  • Have encrypted backups of all data.
  • Use an Endpoint Detection and Response solution to monitor and stop suspicious activity.
  • Enable and analyze logs for your devices and digital landscape.
  • Have an incident response plan and ensure it’s up to date.
  • Use cyber security controls, like anti-virus and firewall software.
  • Review your cyber insurance to ensure that you’re covered for cyber incidents should they happen.

Many companies and individuals have been impacted by recent events in the banking world. It’s an unfortunate reality that bad actors will try to capitalize on the uncertainty for their gain, which means you need to do your part and be prepared to prevent their attacks. If you have yet to do so, now is a great time to assess your cyber risk, security posture, and insurance coverage should disaster strike.

Contact us about how to best implement an effective cybersecurity training program and for guidance about your cyber insurance coverage needs.

This material has been prepared for informational purposes only. BRP Group, Inc. and its affiliates, do not provide tax, legal or accounting advice. Please consult with your own tax, legal or accounting professionals before engaging in any transaction.

Comments are closed.

Table of Contents

Recents Post
June Pulse
June 2024 The Pulse Newsletter
Golf cc hospitality state of the market
Hospitality, Golf, and Country Club Market Update
Heat Related webpage
Heat Illness and Workers' Safety Precautions

This document is intended for general information purposes only and should not be construed as advice or opinions on any specific facts or circumstances. The content of this document is made available on an “as is” basis, without warranty of any kind. Baldwin Risk Partners, LLC (“BRP”), its affiliates, and subsidiaries do not guarantee that this information is, or can be relied on for, compliance with any law or regulation, assurance against preventable losses, or freedom from legal liability. This publication is not intended to be legal, underwriting, or any other type of professional advice. BRP does not guarantee any particular outcome and makes no commitment to update any information herein or remove any items that are no longer accurate or complete. Furthermore, BRP does not assume any liability to any person or organization for loss or damage caused by or resulting from any reliance placed on that content. Persons requiring advice should always consult an independent adviser.

Baldwin Risk Partners, LLC offers insurance services through one or more of its insurance licensed entities. Each of the entities may be known by one or more of the logos displayed; all insurance commerce is only conducted through BRP insurance licensed entities. This material is not an offer to sell insurance.

Get in contact with an advisor today to see how BKS can support you.