The collapse of the Silicon Valley Bank (SVB) has attracted scammers, who are after the money and data of the bank’s customers. IT security researchers have already observed the first concrete attacks. Proofpoint officials report a malicious campaign designed to find victims among SVB customers trading the cryptocurrency USD Coin (USDC), a digital currency pegged to the US dollar that was impacted by the SVB collapse.
The campaign messages spoofed various cryptocurrency tokens and were sent using malicious SendGrid accounts. The links included in the messages point to various domains that ask the victims to claim their cryptocurrency or to convert it into US dollars. Clicking a button on the website opens a DeFi URL, a type of link generally used for financial transactions, which requires an installed URL handler. Proofpoint cites the MetaMask wallet as an example. The victim is then tricked into installing a smart contract that sends the contents of the victim’s crypto wallet to the scammers.
The attackers also imitated the fintech company Circle when it announced that it had cash reserves at SVB, luring victims with the promise that they could redeem their USD Coin for US dollars at a 1:1 exchange rate. Other IT security researchers are also observing preparations for potential fraud. The Internet Storm Center (ISC) of the SANS Institute has observed a strong increase in domain registrations related to SVB.
The ISC lists several domains related to SVB whose operators were trying to cash in on the SVB banking crisis. The ISC suspects that cybercriminals could abuse the banking crisis for so-called business e-mail compromise (BEC), also known as CEO fraud, a variant of spear phishing. In such attacks, the criminals try to get employees of the paying company to change the bank details for transfers so that the payments are redirected to the criminals' own accounts abroad. German start-ups such as HelloFresh and Lilium could also be affected by the SVB crisis. BaFin is in contact with the German subsidiary of Silicon Valley Bank.