Cybercriminals are opportunistic and will capitalize on unpatched systems, current global events or known vulnerabilities.
The Silicon Valley Bank and Signature Bank collapses will attract cybercriminals to exploit the situation and take advantage of consumer anxiety and the sense of urgency permeating the markets.
Cybercriminals will likely use several social engineering strategies that go beyond everyday phishing scams, so consumers and businesses should be on the alert and understand how to protect themselves. Scams can come in many forms, but here are a few to be on the lookout for:
- Targeted phishing attacks that attempt to convince SVB or Signature customers to click through to read the latest news about the banks and/or their accounts, using links that redirect customers to fake sites designed to steal their credentials.
- E-mails that claim to offer services to help customers quickly get around their lost or locked funds.
- Messages that appear to come from alternative banks that encourage customers to register for new services or accounts through fake websites that exist specifically to collect and exploit their personal information.
Cybercriminals will use these types of scams to collect and reuse an unsuspecting customer's personal data, but could also use them as a means to exploit vulnerabilities on personal devices and open the door to future ransomware attacks. This is not a new phenomenon. Spoofed financial services sites increased nearly 3% to represent the majority of the top targeted industries (55%) between the third and fourth quarters of 2022. Of this group, credit unions and regional banks represented a significant portion of targets for attack.
Firms must protect themselves from these kinds of attacks and ensure their employees remain vigilant and take precautions against new scams. Employees should be sure to:
- Verify sender information, including e-mail domains to avoid typosquatting attacks
- Avoid clicking on URLs or attachments from unknown parties
- Only transfer Personally Identifiable Information (PII) through approved and secure portals
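The first check in the list above, verifying the sender's e-mail domain, can be partly automated at the mail gateway or in a triage script. The following is an added example, not code from this article or from Drawbridge; the allowlisted domains, the substitution table and the distance threshold of 2 are constructed assumptions to replace with your own values.

```python
from email.utils import parseaddr

# Constructed allowlist (assumption): domains the firm really corresponds with.
TRUSTED = {"examplebank.com", "example-custodian.com"}
# Look-alike substitutions folded away before comparing (illustrative, not exhaustive).
FOLD = (("rn", "m"), ("vv", "w"), ("0", "o"), ("1", "l"), ("-", ""))


def sender_domain(from_header):
    """Return the lowercased domain of a From: header value, or '' if none."""
    addr = parseaddr(from_header)[1]
    _, at, dom = addr.rpartition("@")
    return dom.lower().rstrip(".") if at else ""


def skeleton(domain):
    """Fold visually confusable sequences so 'exarnple' compares equal to 'example'."""
    for old, new in FOLD:
        domain = domain.replace(old, new)
    return domain


def osa_distance(a, b):
    """Edit distance counting insert, delete, substitute and adjacent transposition."""
    d = [[max(i, j) if 0 in (i, j) else 0 for j in range(len(b) + 1)]
         for i in range(len(a) + 1)]
    for i in range(1, len(a) + 1):
        for j in range(1, len(b) + 1):
            cost = int(a[i - 1] != b[j - 1])
            d[i][j] = min(d[i - 1][j] + 1, d[i][j - 1] + 1, d[i - 1][j - 1] + cost)
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)
    return d[-1][-1]


def classify(from_header):
    """Return (verdict, trusted domain involved or None) for one From: header."""
    dom = sender_domain(from_header)
    if not dom:
        return ("invalid", None)
    for t in sorted(TRUSTED):
        if dom == t or dom.endswith("." + t):
            return ("trusted", t)
    # Non-ASCII or punycode labels can hide homoglyphs: always escalate.
    if not dom.isascii() or any(p.startswith("xn--") for p in dom.split(".")):
        return ("lookalike", None)
    for t in sorted(TRUSTED):
        # Embedded trusted name, confusable spelling, or a near-miss typo.
        if t in dom or skeleton(dom) == skeleton(t) or osa_distance(dom, t) <= 2:
            return ("lookalike", t)
    return ("unknown", None)
```

A "trusted" verdict only means the domain string matches the allowlist; the From: header can still be forged, so this check complements SPF, DKIM and DMARC results rather than replacing them.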
These bank collapses clearly demonstrate that the time is now for businesses to carefully evaluate their operational resilience plans, particularly those businesses in critical infrastructure sectors like banking. While traditional Business Continuity Plans have evolved in recent years largely due to the high risks associated with hybrid working arrangements, businesses need to understand that the highest risks are now predominantly associated with areas such as outsourced services. This is a stark reminder that businesses must prioritize and understand how resilient those third-party services truly are and act immediately to identify and mitigate any supply chain risks.
Does your financial institution have a handle on its business continuity and operational resilience? Reach out to Drawbridge experts and we’ll offer our recommendations taking your firm’s cybersecurity maturity and needs into account.