Major Bank Collapses Trigger yet another Scam Opportunity for Fraudsters
April 5th, 2023
In the aftermath of the recent collapses of Silicon Valley Bank and Signature Bank, we have seen the emergence of new scam opportunities from fraudsters. Reports from industry are noting an increase in the registration and number of fake domains impersonating SVB or SB. In addition, these cybercriminals with fake domains are also using malware to steal account data or gain valuable information to be used in subsequent phishing attacks.
On March 9, the day preceding the shuttering of SVB, and in part on desperation fueled by rumors of SVB’s closure on social media, SVB customers withdrew $42 billion from the bank. The following day, when it was public knowledge regulators were closing SVB, a total of $100 billion was scheduled to leave the bank. On March 10, SB customers similarly spooked by the collapse of SVB withdrew more than $10 billion. The billions of funds on deposit, but at risk to bankruptcy liquidations, were a juicy target for cybercriminals. All the more attractive is the fact that the run on these bank deposits saved scammers the effort of creating a false sense of urgency—that’s an important and necessary ingredient normally needed to execute a successful socially-engineered scam campaign.
As reported by American Banker, citing Internet Storm Center information, in the weekend following the collapse of SVB and SB, over 70 new, fake, and illicit domain registrations were discovered. Cybercriminal were attempting to impersonate SVB. For instance, fake SVB.com domains combine words like ‘claim’ and ‘deposit’ with SVB. This was an obvious attempt to phish for customers’ attentions, as those account holders were desperate to claim their deposits after failed efforts to move these funds to bigger or safer financial institutions. Customer desperation was only more amplified by the fact that slim, and single digit percentages of deposits, particularly at SVB, were covered by the Federal Deposit Insurance Corporation (FDIC) ‘Deposit Insurance’ program.
So how are cyber criminals using these fake domains to scam unwitting SVB and SB customers? We are seeing:
- Evidence of Advance Fee—false promises and representations to gain fees to protect said deposits, but no return of funds is accomplished
- Business Email Compromise—using information garnished illicitly through the fake domain, where access to the customer’s legitimate email is gained and the cybercriminal opens a communication mechanism for illicit payments
- Employment scams—fake jobs postings targeting unfortunate former staffers at SVB and SB that have since lost gainful employment
These actions are all emanating out of these fake domains. For affected customers of SVB and SB, we strongly recommend the use of FDIC-only resources and information listed at FDIC.gov while attempting to obtain funds still on deposit with these banks.
NICE Actimize is committed to partnering with banks and financial institutions to fight, detect and stop scams, such as the ones arising out of these bank failures. Real-time transaction monitoring, such as NICE Actimize’s IFM-X scam prevention solution, is the first line of defense against scams. It provides complete, real-time, end-to-end fraud prevention coverage that continuously adapts to new and emerging fraud threats. We are also hard at work on a multi-model execution strategy against scams. It uses a diverse set of deep learning models, purpose-built expert features, and collective intelligence built across industry data to identify and prevent scams in real time.
Contact us for further guidance and information on staying ahead of emerging and existing fraud scams in this challenging economic climate.
 Bleeping Computer: Cybercriminals exploit SVB collapse to steal money and data (2023)