Reports of cybercriminals registering suspicious domains after the Silicon Valley Bank shutdown indicate potential coordinated campaigns to trick account holders and users across industries, including tech, life sciences, and investment firms. Learn how to avoid these phishing attacks.
Since the news about Silicon Valley Bank (SVB) dropped, much of the focus has been on how the shutdown happened and the implications for the industry and the economy at large. However, amid the worry about the impacts lies another danger: the risk of increased cyberattacks, particularly from phishing attempts and other social engineering. It is always essential to remain vigilant, but bad actors often take advantage of opportunities like this to ramp up their efforts.
A sudden change in business procedures can create a vulnerable window of opportunity for cybercriminals to launch malicious campaigns. As we’ve seen with other incidents, attackers have taken advantage of any vulnerabilities arising from the disruption to perpetrate attacks on other companies.
It has been reported that cybercriminals have been registering suspicious domains after the Silicon Valley Bank shutdown that can be used in coordinated campaigns to trick end-users into sharing sensitive information.
With this in mind, organizations must remain extra vigilant for phishing attempts and other social engineering tactics during times of uncertainty that cybercriminals can exploit.
How to Avoid Phishing Attacks?
Here are some tips to help your firm avoid phishing attacks:
- Expect an increase in phishing and other social engineering, including phone calls and emails that attempt to gain access to your data and accounts.
- Attackers will use language that appeals to your emotions, for example "click this now," "urgent," or "your money is running out."
- Finance teams must carefully verify and validate any account changes or new account requests.
- Implement multifactor authentication if your organization does not already employ it.
- Ensure that employees are aware of the increased risk and can recognize social engineering and phishing attempts.
- Follow up with a regular training program for end-users to ensure employees are always ready to identify the latest tactics utilized by cyber attackers.
What is a common indicator of a phishing attempt?
Here are some of the usual signs of an email phishing attempt. Often phishing schemes will include several of these markers.
- An email sent from an address that does not match the domain associated with the sender. For example, if you receive an email from someone claiming to be from SVB but with a different domain name in the “from” field, this should be a red flag.
- Emails with misspelled words and grammatical or syntax errors could also signal a malicious attempt.
- Emails that include links or attachments should be carefully scrutinized. It is always best to err on the side of caution and not click links or open attachments until you can confirm that they are from a trusted source.
- Unsolicited emails that ask for or direct you to a link or document asking for personally identifying information (PII) like passwords, wire transfer details, login credentials, or other sensitive data should be treated with extreme caution.
- Finally, if an email contains a sense of urgency, includes offers of immediate assistance, or requests payment now, this could be a sign of a phishing attempt. Again, be sure to take the time to independently verify the request before taking any action.
If you encounter any of these signs, it is best to flag the email and alert your IT department immediately. Taking precautions to protect yourself from phishing attempts is critical in safeguarding your company’s data.
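The indicators listed above can also be checked automatically when a reported email is triaged. The following is an added example, not part of the original article: it assumes `svb.com` as the trusted domain, and the phrase lists, function names, and sample messages are constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlsplit

# Assumptions for this example (not from the article): brand names, trusted domain, phrases.
BRAND_NAMES = ("svb", "silicon valley bank")
TRUSTED_DOMAINS = {"svb.com"}
URGENCY = ("urgent", "click this now", "running out", "payment now")
SENSITIVE = ("password", "wire transfer", "login credentials")
URL_RE = re.compile(r"https?://[^\s<>\"']+", re.I)

def domain_trusted(host):
    """True only for a trusted domain or its subdomains (right-anchored match)."""
    host = (host or "").lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in TRUSTED_DOMAINS)

def phishing_indicators(raw):
    msg = message_from_string(raw)
    name, addr = parseaddr(msg.get("From", ""))
    parts = [p for p in msg.walk() if p.get_content_maintype() == "text"]
    body = " ".join(p.get_payload(decode=True).decode("utf-8", "replace") for p in parts)
    text = (msg.get("Subject", "") + " " + body).lower()
    hits = []
    if any(b in name.lower() for b in BRAND_NAMES) and not domain_trusted(addr.rpartition("@")[2]):
        hits.append("sender-domain-mismatch")
    # urlsplit().hostname ignores any userinfo placed before an "@" in the URL.
    if any(not domain_trusted(urlsplit(u).hostname) for u in URL_RE.findall(body)):
        hits.append("untrusted-link")
    if any(p in text for p in URGENCY):
        hits.append("urgency")
    if any(p in text for p in SENSITIVE):
        hits.append("asks-for-sensitive-data")
    return hits

# Constructed sample messages (reserved .example domains), not real traffic.
PHISH = """\
From: "SVB Client Support" <support@svb-account-recovery.example>
Subject: URGENT: confirm your wire transfer details

Your money is running out. Click this now: http://svb-account-recovery.example/login
"""
BENIGN = """\
From: "SVB Notices" <notices@svb.com>
Subject: Statement available

Your monthly statement is ready at https://www.svb.com/statements
"""
print(phishing_indicators(PHISH), phishing_indicators(BENIGN))
```

A result with several indicators matches the article's point that phishing schemes often include more than one marker; an empty result does not prove a message is safe.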
It is essential to remain vigilant when there is heightened risk from cyber criminals taking advantage of a highly volatile situation like SVB’s recent closure. By following best practices such as implementing multifactor authentication, conducting end-user training, and relying on a multilayered cybersecurity program, you can protect your business from cyber criminals looking to take advantage of the uncertainty during this and the next inciting incident.