Cybersecurity Threat Advisory: New phishing campaigns
Cybercriminals have started new phishing campaigns that target organizations and individuals who were members of affected banks. Fraudulent messages are being sent in an attempt to trick victims into revealing personal/account information such as social security numbers, passwords, and account numbers. Barracuda SOC recommends providing end-users with email security awareness training, implementing email protection that includes artificial intelligence to prevent phishing attacks, and being extra vigilant before sharing any type of account information.
What is the threat?
Multiple banks have collapsed in recent weeks. Threat actors are using this period of heightened sensitivity as an opportunity to drive social engineering attacks. Phishing campaigns have been designed to take advantage of the banking crisis by impersonating cryptocurrencies, loan lenders, founders of financial teams, and more. Threat actors are pretending to be companies impacted by the bank failure incident and sending out phishing emails to extract users’ personal information.
Why is it noteworthy?
Threat actors are creating convincing fraudulent emails or text messages in which they pretend to be a member of the collapsed bank, encouraging recipients to click links to re-activate frozen accounts or tricking clients into transferring money to new accounts to recover funds. Finance employees are the most vulnerable, as they have access to an organization’s banking information for billing/payments.
On March 10, 2023, Silicon Valley Bank failed, which was the largest failure of any bank since the 2007-2008 financial crisis and the second largest in U.S. history. Researchers are claiming threat actors might contact former clients/employees to offer fake services such as loans, legal services, and more, to obtain personal account information. “An attack already seen in the wild is from BEC threat actors who are impersonating SVB customers and telling customers that they need payments sent to a new bank account after the bank’s collapse” (Bleeping Computer).
Cybercriminals behind “cash4svb.com” attempted to phish customers who were former SVB trade creditors/lenders, promising to return between 65% and 85% in order to retrieve their contact information.
On March 13, 2023, it was observed that threat actors were hosting cryptocurrency scams as well. Customers were sent a “payback” program email; however, when a customer clicked the “Click Here to Claim” button, it would attempt to compromise the MetaMask, Exodus, and Trust Wallet crypto wallets.
What is the exposure or risk?
The phishing campaigns/scams will continue to target the personally identifiable information and other account information of organizations and individuals that these bank entities own. Threat actors can steal customers’ information/identity and steal money from the individual and organization, causing further compromise.
What are the recommendations?
Barracuda SOC recommends the following actions to limit the impact of a phishing attack:
- Provide end-user security awareness training
- Ignore emails from unusual domains
- Do not click links without verifying that they are legitimate
- Implement Email Protection
- Confirm with financial institutions if they are requesting bank account details via phone
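As an added illustration of the "unusual domains" and "verify links" recommendations (example code written for this page, not Barracuda's tooling), the following triage check flags messages whose sender or link domains borrow a bank's name, whose Reply-To diverges from the sender, or whose body uses the lures described above. The brand tokens, the trusted domain `svb.com`, the phrase list and the sample message are assumptions chosen for the example.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# Assumptions for this example: brand tokens, the trusted-domain allowlist
# and the lure phrases are illustrative and must be tuned per organization.
BRAND_TOKENS = ("svb", "siliconvalleybank")
TRUSTED_DOMAINS = {"svb.com"}
LURE_PHRASES = ("new bank account", "frozen account", "re-activate",
                "click here to claim", "updated banking details")

def registrable(host):
    """Crude last-two-labels domain; production code should use the Public Suffix List."""
    return ".".join(host.lower().rstrip(".").split(".")[-2:])

def is_lookalike(host):
    """True when a domain contains a brand token but is not on the allowlist."""
    dom = registrable(host)
    return dom not in TRUSTED_DOMAINS and any(t in dom for t in BRAND_TOKENS)

def triage(raw):
    """Return the list of reasons a raw RFC 5322 message deserves manual review."""
    msg = message_from_string(raw)
    reasons = []
    sender_dom = parseaddr(msg.get("From", ""))[1].rpartition("@")[2]
    reply_dom = parseaddr(msg.get("Reply-To", ""))[1].rpartition("@")[2]
    if sender_dom and is_lookalike(sender_dom):
        reasons.append(f"brand-lookalike sender domain: {sender_dom}")
    if reply_dom and registrable(reply_dom) != registrable(sender_dom):
        reasons.append("Reply-To domain differs from From domain")
    body = msg.get_payload()  # single-part text message assumed
    for url in re.findall(r"https?://[^\s\"'<>]+", body):
        host = urlparse(url).hostname or ""
        if is_lookalike(host):
            reasons.append(f"brand-lookalike link: {host}")
    lowered = body.lower()
    reasons += [f"lure phrase: {p}" for p in LURE_PHRASES if p in lowered]
    return reasons

# Constructed sample message (not a real capture).
SAMPLE_PHISH = """From: "SVB Recovery" <claims@cash4svb.com>
Reply-To: payout@example.net
Subject: Payback program

Click Here to Claim your funds: https://cash4svb.com/claim
Your frozen account can be restored today.
"""

if __name__ == "__main__":
    for reason in triage(SAMPLE_PHISH):
        print(reason)
```

A non-empty result is a prompt for manual review, such as a call-back to a known phone number, not a verdict on its own.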
References
For more in-depth information about the recommendations, please visit the following links:
- https://securityboulevard.com/2023/03/the-failure-of-silicon-valley-bank-is-a-ground-shaking-crisis-and-a-cybersecurity-red-alert/
- https://www.bleepingcomputer.com/news/security/cybercriminals-exploit-svb-collapse-to-steal-money-and-data/
- https://www.cybersecuritydive.com/news/bank-failure-panic-fuel-threats/644949/
- https://cyberprotection-magazine.com/bank-collapse-drives-phishing-attacks
- https://nwi.life/article/bank-failure-phishing-scams/
If you have any questions, please contact our Security Operations Center.