SVB account holders targeted with phishing, scams


After news broke late last week about Silicon Valley Bank’s bank run and collapse, security researchers started warning SVB account holders about incoming SVB-related scams and phishing attempts.

Proofpoint researchers flagged a campaign in which messages purporting to come from several cryptocurrency brands try to trick users into installing a smart contract that would transfer the contents of their wallet to the attacker’s wallet.

“Once Circle announced they had cash reserves in SVB, the threat actor started spoofing the fintech company, using a lure that promised the victim could redeem USDC to USD at 1:1 rate,” they noted.

Then there’s this email campaign spotted by INKY:

“Several INKY users received fake DocuSign notifications that appeared to come from Silicon Valley Bank. All phishing emails were spoofed to look like they came from dse_na2@docusign[.]net, the real and legitimate sending email address for DocuSign notifications. An examination of email headers revealed that these attacks actually come from several virtual private servers associated with newly created domains,” the company says.

Clicking on the “Review Documents” button takes users through a few redirects and finally to a clone of the legitimate Microsoft login page, designed to send the entered login credentials to the bad actors. (The same phishing campaign seems to have been documented by Cloudflare, after it targeted the company CEO.)
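The header examination INKY describes can be partly automated on the receiving side. The following is an added example, not code from INKY or from this article: it compares the visible From domain with the envelope sender and with the authentication results stamped by the recipient's own mail server. The sample message, the `.example` hosts, the `trusted_mta` name and the function names are all constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample: headers of a message claiming to be a DocuSign notification.
# The .example hosts and the IP are placeholders, not indicators from the campaign.
SAMPLE = """\
Return-Path: <bounce@mailer.new-domain.example>
Received: from vps01.new-domain.example (vps01.new-domain.example [203.0.113.7])
 by mx.recipient.example; Mon, 13 Mar 2023 09:12:44 +0000
Authentication-Results: mx.recipient.example;
 spf=pass smtp.mailfrom=mailer.new-domain.example;
 dkim=none;
 dmarc=fail header.from=docusign.net
From: "Silicon Valley Bank via DocuSign" <dse_na2@docusign.net>
To: user@recipient.example
Subject: Review Documents

body
"""

def domain_of(addr):
    """Lower-cased domain part of an address header value ('' if absent)."""
    return parseaddr(addr or "")[1].rpartition("@")[2].lower()

def aligned(a, b):
    """Approximate relaxed alignment (no Public Suffix List): equal or subdomain."""
    return bool(a and b) and (a == b or a.endswith("." + b) or b.endswith("." + a))

def assess(raw, trusted_mta="mx.recipient.example"):
    """Flag a From domain that the receiving server's checks do not back up."""
    msg = message_from_string(raw)
    from_dom = domain_of(msg["From"])
    env_dom = domain_of(msg["Return-Path"])
    # Only trust results stamped by our own MTA; a sender can forge the rest.
    auth = " ".join(h for h in msg.get_all("Authentication-Results", [])
                    if h.strip().lower().startswith(trusted_mta))
    results = dict(re.findall(r"\b(spf|dkim|dmarc)=(\w+)", auth))
    dkim_dom = (re.search(r"header\.d=([\w.-]+)", auth) or [None, ""])[1].lower()
    findings = []
    if results.get("dmarc") != "pass":
        findings.append("dmarc_not_pass")
    if not aligned(env_dom, from_dom):
        findings.append("envelope_sender_not_aligned")
    if not (results.get("dkim") == "pass" and aligned(dkim_dom, from_dom)):
        findings.append("no_aligned_dkim_signature")
    return {"from_domain": from_dom, "envelope_domain": env_dom,
            "auth": results, "findings": findings}
```

Note that SPF alone passes in the sample because it validates the envelope sender's domain, not the From address the recipient sees, which is why the alignment checks matter.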

Scammy sites have been popping up:

What to do?

Mitiga CTO Ofer Maor has provided advice for companies that banked with SVB on how to safeguard themselves, their customers and suppliers, by increasing security awareness, making sure their processes around payment changes are robust, and by setting up additional monitoring of both account activity (phishing) and financial activity (BEC scams).

Jennifer Zeman, Head of Email Security Product Management at Symantec, has also provided pointers for both email security teams and finance departments.




