SVB Email Spoofing and Impersonation
Silicon Valley Bank’s recent collapse has been the subject of much speculation in the past week, and now it seems that cybercriminals are taking advantage of the situation as well.
In an email impersonation phishing campaign, hackers are sending emails to customers of Silicon Valley Bank claiming to be from the bank’s customer service department. The emails inform customers about their account activity and ask them to click on a link to verify their information or update account details.
The links lead users to a website that looks like a legitimate Silicon Valley Bank website but is actually a fake site set up by hackers to steal user data.
The email spoofing attack is not new, but its use in this manner is. It’s important to remember that while you may receive emails from companies you deal with frequently, including your bank, always verify that they’re actually from those organizations before clicking any links or providing any personal information.
What is Email Phishing?
Email phishing is a type of online scam in which a fraudulent sender poses as a reliable entity, such as a bank, an online retailer, or a social media site, in order to trick the recipient into disclosing sensitive information, such as usernames, passwords, credit card information, or other personal or financial information.
The attacker typically sends a bogus email that appears legitimate, often with a link to a legitimate-looking website. The recipient is then prompted to enter their login credentials or other personal information, which the attacker then steals.
Phishing emails may also include attachments that install malware on the recipient’s computer or device, allowing the attacker to access their data, steal sensitive information, or engage in other malicious activities.
To avoid email phishing, be vigilant and cautious when opening emails from unknown senders or clicking on links in emails, particularly those that request personal information or appear suspicious. Before taking any action, always confirm the sender’s and the email’s legitimacy.
What is Email Spoofing?
Email spoofing is a technique used by attackers to forge the sender’s email address in an email message, making it appear to have come from somewhere else. Because the recipient is more likely to trust an email that appears to be from a legitimate source, this technique can be used to carry out phishing attacks or to spread malware.
Email spoofing is accomplished by tampering with the email headers, which contain information about the sender, recipient, and subject of the email. Attackers can change the email headers using a variety of tools and techniques, such as using fake “From” addresses, changing the “Reply-To” address, or sending the message from a different email server.
Spoofed emails can be difficult to detect because they may appear to come from a reliable source or use persuasive language that pushes the recipient to act. However, mismatched or suspicious email addresses, unfamiliar or unexpected requests, and grammatical or spelling errors can help identify a spoofed email.
To avoid email spoofing, use spam filters and anti-virus software, and exercise caution when opening emails from unknown senders or clicking on links in emails. Additionally, before taking any action, always confirm the legitimacy of the sender and email content, and report suspicious emails to your email provider or IT department.
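The header mismatches described above can be checked mechanically during triage. The following Python sketch is an added example, not part of the original article; the sample messages and all domains in it are constructed placeholders.

```python
from email import message_from_string
from email.utils import parseaddr

def domain_of(header_value):
    """Lowercased domain of the address in a header value, or '' if absent."""
    _, addr = parseaddr(header_value or "")
    return addr.rpartition("@")[2].lower() if "@" in addr else ""

def spoofing_indicators(raw_message):
    """Return (code, detail) pairs for header inconsistencies worth triaging."""
    msg = message_from_string(raw_message)
    from_dom = domain_of(msg["From"])
    findings = []
    # Replies silently routed to a different domain than the visible sender.
    reply_dom = domain_of(msg["Reply-To"])
    if reply_dom and reply_dom != from_dom:
        findings.append(("reply-to-mismatch", f"{reply_dom} != {from_dom}"))
    # Envelope sender differs from the visible sender. Weak on its own:
    # legitimate bulk mail often bounces to a third-party domain.
    bounce_dom = domain_of(msg["Return-Path"])
    if bounce_dom and bounce_dom != from_dom:
        findings.append(("return-path-mismatch", f"{bounce_dom} != {from_dom}"))
    # Verdict stamped by the receiving server after SPF/DKIM/DMARC checks.
    for header in msg.get_all("Authentication-Results", []):
        for clause in header.lower().split(";"):
            words = clause.split()
            if words and words[0].startswith("dmarc=") and words[0] != "dmarc=pass":
                findings.append((words[0], "receiver-side DMARC check did not pass"))
    return findings

# Constructed sample messages (all domains are placeholders).
SPOOFED = (
    "Return-Path: <bounce@mailer.example.net>\n"
    "Authentication-Results: mx.recipient.example; spf=pass "
    "smtp.mailfrom=mailer.example.net; dmarc=fail header.from=bank.example\n"
    "From: Customer Service <support@bank.example>\n"
    "Reply-To: claims@bank-support.example\n"
    "Subject: Verify your account\n\nConstructed body.\n"
)
LEGIT = (
    "Return-Path: <notices@bank.example>\n"
    "Authentication-Results: mx.recipient.example; dkim=pass "
    "header.d=bank.example; dmarc=pass header.from=bank.example\n"
    "From: Customer Service <support@bank.example>\n"
    "Subject: Monthly statement\n\nConstructed body.\n"
)

if __name__ == "__main__":
    for name, raw in (("SPOOFED", SPOOFED), ("LEGIT", LEGIT)):
        print(name, spoofing_indicators(raw))
```

Only trust an Authentication-Results header added by your own receiving server, since a sender can insert a forged one further down the header stack.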
How are Silicon Valley Bank email spoofing attacks launched?
Silicon Valley Bank (SVB) email spoofing attacks can be launched in a variety of ways, but most commonly they are initiated through social engineering tactics or by exploiting vulnerabilities in the email system or network infrastructure.
One way attackers may launch an SVB email spoofing attack is by creating a fake email address or domain that appears similar to the bank’s legitimate email address or domain. For example, an attacker may create an email address such as “[email protected]” and send emails to customers or employees, pretending to be an official representative of the bank.
Another way attackers may launch an SVB email spoofing attack is by compromising the email system or network infrastructure used by the bank or its customers. This can be done by exploiting vulnerabilities in software or hardware, using malware or phishing attacks to steal login credentials, or conducting a “man-in-the-middle” attack to intercept and modify email traffic.
Why are the attacks dangerous and hard to detect?
- Attackers impersonated SVB emails by editing the standard HTML used in original SVB emails.
- The SVB logo appended to outgoing emails was also copied onto the spoofed emails, making the attacks more sophisticated and harder to detect.
- The original footers signed with SVB’s address were also copied and appended to the end of these fake emails.
- The phishing emails offered the victim access to funds that exceeded the safe deposit limit of SVB, which was $250,000, helping to lure them in further.
- Pressure tactics like including a close deadline of “17th March 2023” were used by attackers to urge their victims to make their decisions faster. This is a common social engineering mechanism used in spoofing and phishing attacks.
- Attackers spoofed SVB’s mail From: domain to send emails to customers that appeared to originate from SVB. These phishing emails ultimately lead unsuspecting victims to a spoofed SVB website built to steal their credentials and wire funds from their accounts.
How to protect your customers against email spoofing and phishing scams?
Email spoofing scams involving SVB (Silicon Valley Bank) can be avoided by taking the following precautions:
- Enable email authentication: To prevent unauthorized senders from spoofing your domain, enable email authentication protocols such as Sender Policy Framework (SPF), DomainKeys Identified Mail (DKIM), and Domain-based Message Authentication, Reporting, and Conformance (DMARC).
- Employee education: Employees should be educated on email security best practices and how to identify phishing emails. To assist employees in recognizing phishing emails, provide regular training and phishing simulations.
- Verify emails: Before taking any action, check your emails. Verify the sender’s email address and domain name. Hover over any links to ensure they take you to a legitimate website.
- Use anti-phishing software: Anti-phishing software can detect and prevent phishing emails from reaching your inbox.
- Implement Two-factor Authentication (2FA)/Multifactor Authentication (MFA): Use 2FA/MFA to add extra layers of security to email accounts. To access their account, users will need to enter a unique code sent to their mobile device or email.
- Monitor email activity and set up alerts for suspicious activity, such as login attempts from unusual locations or devices.
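To show why the email authentication step matters, the following added example (not from the original article) models how a receiver decides what to do with a message under a domain's DMARC record, comparing a monitoring-only policy with an enforcing one. The domains and records are constructed, and the organizational-domain helper is a simplifying assumption: real receivers use the Public Suffix List.

```python
def parse_dmarc(record):
    """Parse a DMARC TXT record such as 'v=DMARC1; p=reject' into a tag dict."""
    tags = {}
    for part in record.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    return tags

def org_domain(domain):
    # Assumption: the last two labels form the organizational domain.
    return ".".join(domain.lower().split(".")[-2:])

def aligned(auth_domain, from_domain, mode):
    """Identifier alignment: 's' requires an exact match, 'r' the same org domain."""
    if not auth_domain:
        return False
    if mode == "s":
        return auth_domain.lower() == from_domain.lower()
    return org_domain(auth_domain) == org_domain(from_domain)

def dmarc_disposition(from_domain, record, spf_domain=None, dkim_domain=None):
    """spf_domain / dkim_domain are the domains that PASSED SPF / DKIM, if any.
    Returns 'pass', the record's policy (none/quarantine/reject), or 'no-policy'."""
    tags = parse_dmarc(record)
    if tags.get("v") != "DMARC1" or "p" not in tags:
        return "no-policy"
    aspf = tags.get("aspf", "r").lower()
    adkim = tags.get("adkim", "r").lower()
    if aligned(spf_domain, from_domain, aspf) or aligned(dkim_domain, from_domain, adkim):
        return "pass"
    return tags["p"].lower()

# Constructed records for a placeholder domain.
WEAK = "v=DMARC1; p=none; rua=mailto:reports@bank.example"
STRICT = "v=DMARC1; p=reject; adkim=s; aspf=s"

if __name__ == "__main__":
    # Forged From: bank.example, sent through a server whose SPF passes only
    # for the sender's own envelope domain, with no DKIM signature.
    for label, record in (("weak", WEAK), ("strict", STRICT)):
        print(label, dmarc_disposition("bank.example", record,
                                       spf_domain="attacker.example"))
    # Genuine mail signed with DKIM d=bank.example passes under both records.
    print("genuine", dmarc_disposition("bank.example", STRICT,
                                       dkim_domain="bank.example"))
```

With `p=none` the forged message is still delivered and only reported; the same message is rejected once the record is moved to `p=reject`.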
SVB (Silicon Valley Bank) is a financial institution based in Santa Clara, California, that primarily serves the technology and innovation industries. It provides a range of banking and financial services to startups, venture capital firms, and other technology-focused businesses. Silicon Valley Bank (SVB) collapsed after a bank run on March 10, 2023, becoming the second-largest bank failure in US history and the largest since the 2007-2008 financial crisis.
Cyberattackers are taking advantage of this collapse to perpetrate various forms of online scams to defraud desperate victims who have their funds frozen in SVB. Exercising caution is of utmost importance in these times of crisis.