This content is viewable by Everyone
Mar 2023: Attacks Use Silicon Valley Bank-Related Lures
Threat Alert: What to Watch For
- Following the collapse of Silicon Valley Bank (SVB), cybercriminals have launched phishing attacks to take advantage of the high-profile event.
- One widespread lure impersonates Circle, the peer-to-peer payments company that manages the cryptocurrency USDC. The lure encourages recipients to click an offer link to redeem a one-to-one exchange between the cryptocurrency USDC and the U.S. dollar.
- Following the alleged Circle link will lead to the installation of a cryptocurrency wallet that, when certain conditions are met, will steal all of the recipient’s cryptocurrency.
- Other attacks may to take advantage of the uncertainty around SVB to spread phishing lures. Watch for telltale signs of phishing attacks, including mismatches between an email’s sending address and the alleged sender, numerous or blatant typos, or familiar-looking login pages with unfamiliar URLs.
Key Action: Report Suspicious Emails
- Report ANY suspicious emails using the Phish Alarm button in your email menu bar.
- Remember: Our organization occasionally sends phishing simulations that are used to evaluate the potential impact of a real phishing attack. Report any emails that match the tactics described above.
- If a reported message is a simulation, you will see a notification alerting you to that. No further action is needed on your part.
- If a reported message was not a simulation, and you are concerned about a time-sensitive request, you must take additional steps to verify the email is valid before acting on it.
Tips to Remember (at Work and at Home)
- Go beyond surface clues. Familiar logos, branding, and names are not automatic indicators that an email or website is safe. Cybercriminals often imitate well-known organizations.
- Beware of “too good to be true” offers, particularly during times of economic uncertainty when you may be worried about how to best preserve the worth of investments.
- Remember that cybercriminals commonly leverage current events in phishing attacks. High profile events like the collapse of a spark a lot of interest and conversation. Attackers know people will be tempted to engage with emails that mention these kinds of topics.