Addressing Cybersecurity Threats Associated with the SVB Closure

The Silicon Valley Bank (SVB) closure has created opportunities for threat actors to launch more convincing email attacks. Here's how to lower your risk.
March 15, 2023

We’ve seen it time and time again: threat actors love to capitalize on the disruption created by major unexpected events to launch attacks that exploit uncertainty and confusion.

The Silicon Valley Bank (SVB) closure is no exception.

With the sudden shuttering of SVB—the largest bank to fail since the 2007-2008 financial crisis—cybercriminals have been out in full force. And, unfortunately, they have copious angles of attack at their disposal. However, being aware of what kinds of tactics to look out for and having plans in place to verify the authenticity of any email correspondence related to SVB can help minimize your risk considerably.

Read on to learn a few ways threat actors are likely to take advantage of the SVB closure and how you can protect your organization.

Why the SVB Closure Increases Cybersecurity Risks

The SVB closure represents a near-perfect opportunity for threat actors to engage in business email compromise, credential phishing, invoice and payment fraud, and supply chain compromise.

Businesses that had been customers of SVB now have a laundry list of finance-related issues they have to resolve—and quickly. And even if an organization had no direct ties to SVB itself, it may work with vendors who were SVB account holders that now need to update their billing and payment information.

In short, there are dozens (if not hundreds) of legitimate requests and announcements that each of SVB’s 40,000 former customers will need to communicate via email in the coming weeks. And this means attackers have ample chances to slide into the incoming flood of emails undetected.

Examples of SVB-Related Cyberattacks and Fraud

The most common attack Abnormal has already observed involves actors impersonating vendors, suppliers, or partners requesting to update their bank account details from SVB to a new bank.

SVB Email Example E

Example of recent payment fraud attack capitalizing on SVB closure observed by Abnormal

Here are some examples of other internal and external impersonation attacks to look out for:

  • Emails purportedly from the CFO, an HR team member, or an accounting specialist informing employees they need to register an online account with the company’s new bank

  • Threat actors impersonating the CFO or other high-level executives requesting that the accounts receivable department update the company’s wiring instructions

  • Attackers claiming to be either an executive at the target organization or a representative from SVB sending instructions for transitioning to a new bank

  • Emails allegedly from officials from the FDIC informing targets that assistance with covering payroll is available and inviting recipients to click on a link to accept

  • Attackers posing as third-party vendors targeting former SVB account holders claiming invoices due in early March weren’t paid

While this list is certainly not exhaustive, it illustrates just how many different ways threat actors can exploit the SVB closure to compromise employee accounts, reroute payments, and/or gain access to your internal network.

One effective way to reduce your exposure to these threats is to invest in technology that blocks advanced email attacks before they can even be delivered.

Proactively Blocking Malicious Emails with Behavioral AI

Modern threat actors have evolved their tactics, crafting sophisticated emails that not only bypass traditional security tools but also appear completely legitimate to the average employee. With alarming frequency, employees are being duped by these surprisingly convincing malicious emails. In fact, in our H1 2023 Threat Report, we found that the median open rate for text-based business email compromise attacks was nearly 28%.

Abnormal is uniquely positioned to solve this problem.

Our technology takes a fundamentally different approach from traditional email security solutions, with advanced detection and remediation capabilities to discover and block financially-motivated malicious emails. Using an API-based architecture, Abnormal ingests thousands of signals about your employees and their day-to-day activities to build a baseline of known-good behavior of every user across your organization and supply chain.

Additionally, our AI/ML-based detection engine automatically learns the relationships and communication patterns between your employees and vendors—including message frequency, tone, and content as well as past bank accounts used and more. Further, because Abnormal’s VendorBase™ federates insights about vendors across our entire customer base, once a vendor has been flagged for one customer, the platform can block emails from that same vendor for all other customers.

Finally, Abnormal uses advanced AI techniques such as natural language processing, natural language understanding, and image processing to precisely detect and automatically remove malicious emails exhibiting anomalous behavior to prevent end-user engagement.

Reduce your financial risk today! - See a Demo

Additional Steps to Reduce Your Vulnerabilities

For the foreseeable future, companies across the globe will be navigating the increased cybersecurity risks associated with the SVB closure. On top of adopting an intelligent email security solution, consider implementing the following safeguards:

  • Conduct refresher security awareness training for all executives and front-line employees, with a particular focus on the kinds of attacks listed above.

  • Encourage employees to report any suspicious emails to the security team and not simply delete any messages they believe are fraudulent.

  • Call to verify any requests to update bank account details or offers of assistance sent via email using a publically available number—not the contact number provided in the email.

  • Even if an email has the expected sender email address (i.e., it contains no misspellings or character substitutions), still manually verify all finance-related requests as the account may have been compromised.

  • If the first fund transfer to a new account involves a large sum of money, transfer a small amount first, call to confirm the transaction was successful, and then transfer the remaining funds.

Keeping Your Organization Safe from Sophisticated Email Attacks

Cybercriminals will always capitalize on any opportunity to make their attacks more believable. Therefore, understanding your organization's specific vulnerabilities and maintaining a proactive approach to cybersecurity is key to protecting your workforce from the full spectrum of email attacks.

Reduce Your Financial Risk Today! - See a Demo
Addressing Cybersecurity Threats Associated with the SVB Closure

See Abnormal in Action

Get a Demo

Get the Latest Email Security Insights

Subscribe to our newsletter to receive updates on the latest attacks and new trends in the email threat landscape.


See the Abnormal Solution to the Email Security Problem

Protect your organization from the full spectrum of email attacks with Abnormal.

Integrates Insights Reporting 09 08 22

Related Posts

B travelscams
Cybercriminals exploit stolen financial data to offer consumers heavily discounted travel deals. Learn how these email scams work and tips to avoid falling victim to them this summer travel season.
Read More
B Earn Your CPE Credits with Abnormal
Earn your continuing education credits with ISC2 by viewing cybersecurity content from Abnormal Security.
Read More
B Seg Lessons
Discover key insights gleaned from replacing 100+ SEGs for Abnormal customers.
Read More
B Europe Attack Data Blog
Discover what our research uncovered about the European threat landscape and attack trends for organizations in the region.
Read More
Abnormal aims to provide superior detection of email attacks while also directly and indirectly influencing the security awareness of your employees.
Read More
B 6 3 24 BEC Attacks
Discover how cybercriminals obtain corporate data from brokers like ZoomInfo and Apollo to enable targeted business email compromise (BEC) attacks.
Read More