Last Updated: 2023-03-13 14:53:24 UTC
by Johannes Ullrich (Version: 1)
Any big news story tends to attract its set of scams. We have seen this happening for disasters, political events, and wars. So it isn't a big surprise that last week's failure of Silicon Valley Bank is starting to get some traction.
If you see any scams (phishing, malware...): Please let us know via our contact page or email (handlers - at - isc.sans.edu )
The failure of Silicon Valley Bank has some particularly enticing properties for scammers:
- It involves a lot of money
- Urgency: Many companies and individuals employed by companies have questions about how to pay urgent bills. Will my employer be able to make payroll? Is there anything I need to do right now?
- Uncertainty: For many, it isn't clear how to communicate with SVB, what website to use, or what emails to expect (or where they will come from?)
All this is bound to result in some simple but also targeted scams.
You should expect some targeted scams if it is known that you or the company you work for banks with SVB. Most of the time, this information is more or less public. Expect not just email but also SMS or phone call scams.
Some of the legitimate offers may be indistinguishable from scams. People may offer loans or legal services to affected companies. As with natural disasters in the past, we also see law firms setting up dedicated pages to attract clients for an eventual lawsuit.
We do already see a little race to register SVB related domains:
Not all of these are outright scams, just try to make a more or less honest buck off the crisis. Here are some of the registrations related to the bank:
login-svb.com (currently "parked")
And many more...
Trying to go over some of the domains now to see what they contain and will update this story.
As pointed out by Peter Bronez on Mastodon, this is a likely opportunity for scammers to conduct "Business Email Compromise" like scams. He sees emails from vendors informing their customers of new, non-SVB account information. Please do not be part of the problem. Do not just change banking information because of an email; reach out to vendors/customers via established communication media (phone...). Follow your procedure and do not allow false-urgency to affect what you are doing. VERIFY!