Addressing Cybersecurity Threats Associated with the SVB Closure

The Silicon Valley Bank (SVB) closure has created opportunities for threat actors to launch more convincing email attacks. Here's how to lower your risk.
March 15, 2023

We’ve seen it time and time again: threat actors love to capitalize on the disruption created by major unexpected events to launch attacks that exploit uncertainty and confusion.

The Silicon Valley Bank (SVB) closure is no exception.

With the sudden shuttering of SVB—the largest bank to fail since the 2007-2008 financial crisis—cybercriminals have been out in full force. And, unfortunately, they have copious angles of attack at their disposal. However, being aware of what kinds of tactics to look out for and having plans in place to verify the authenticity of any email correspondence related to SVB can help minimize your risk considerably.

Read on to learn a few ways threat actors are likely to take advantage of the SVB closure and how you can protect your organization.

Why the SVB Closure Increases Cybersecurity Risks

The SVB closure represents a near-perfect opportunity for threat actors to engage in business email compromise, credential phishing, invoice and payment fraud, and supply chain compromise.

Businesses that had been customers of SVB now have a laundry list of finance-related issues they have to resolve—and quickly. And even if an organization had no direct ties to SVB itself, it may work with vendors who were SVB account holders that now need to update their billing and payment information.

In short, there are dozens (if not hundreds) of legitimate requests and announcements that each of SVB’s 40,000 former customers will need to communicate via email in the coming weeks. And this means attackers have ample chances to slide into the incoming flood of emails undetected.

Examples of SVB-Related Cyberattacks and Fraud

The most common attack Abnormal has already observed involves actors impersonating vendors, suppliers, or partners requesting to update their bank account details from SVB to a new bank.

SVB Email Example E

Example of recent payment fraud attack capitalizing on SVB closure observed by Abnormal

Here are some examples of other internal and external impersonation attacks to look out for:

  • Emails purportedly from the CFO, an HR team member, or an accounting specialist informing employees they need to register an online account with the company’s new bank

  • Threat actors impersonating the CFO or other high-level executives requesting that the accounts receivable department update the company’s wiring instructions

  • Attackers claiming to be either an executive at the target organization or a representative from SVB sending instructions for transitioning to a new bank

  • Emails allegedly from officials from the FDIC informing targets that assistance with covering payroll is available and inviting recipients to click on a link to accept

  • Attackers posing as third-party vendors targeting former SVB account holders claiming invoices due in early March weren’t paid

While this list is certainly not exhaustive, it illustrates just how many different ways threat actors can exploit the SVB closure to compromise employee accounts, reroute payments, and/or gain access to your internal network.

One effective way to reduce your exposure to these threats is to invest in technology that blocks advanced email attacks before they can even be delivered.

Proactively Blocking Malicious Emails with Behavioral AI

Modern threat actors have evolved their tactics, crafting sophisticated emails that not only bypass traditional security tools but also appear completely legitimate to the average employee. With alarming frequency, employees are being duped by these surprisingly convincing malicious emails. In fact, in our H1 2023 Threat Report, we found that the median open rate for text-based business email compromise attacks was nearly 28%.

Abnormal is uniquely positioned to solve this problem.

Our technology takes a fundamentally different approach from traditional email security solutions, with advanced detection and remediation capabilities to discover and block financially-motivated malicious emails. Using an API-based architecture, Abnormal ingests thousands of signals about your employees and their day-to-day activities to build a baseline of known-good behavior of every user across your organization and supply chain.

Additionally, our AI/ML-based detection engine automatically learns the relationships and communication patterns between your employees and vendors—including message frequency, tone, and content as well as past bank accounts used and more. Further, because Abnormal’s VendorBase™ federates insights about vendors across our entire customer base, once a vendor has been flagged for one customer, the platform can block emails from that same vendor for all other customers.

Finally, Abnormal uses advanced AI techniques such as natural language processing, natural language understanding, and image processing to precisely detect and automatically remove malicious emails exhibiting anomalous behavior to prevent end-user engagement.

Reduce your financial risk today! - See a Demo

Additional Steps to Reduce Your Vulnerabilities

For the foreseeable future, companies across the globe will be navigating the increased cybersecurity risks associated with the SVB closure. On top of adopting an intelligent email security solution, consider implementing the following safeguards:

  • Conduct refresher security awareness training for all executives and front-line employees, with a particular focus on the kinds of attacks listed above.

  • Encourage employees to report any suspicious emails to the security team and not simply delete any messages they believe are fraudulent.

  • Call to verify any requests to update bank account details or offers of assistance sent via email using a publically available number—not the contact number provided in the email.

  • Even if an email has the expected sender email address (i.e., it contains no misspellings or character substitutions), still manually verify all finance-related requests as the account may have been compromised.

  • If the first fund transfer to a new account involves a large sum of money, transfer a small amount first, call to confirm the transaction was successful, and then transfer the remaining funds.

Keeping Your Organization Safe from Sophisticated Email Attacks

Cybercriminals will always capitalize on any opportunity to make their attacks more believable. Therefore, understanding your organization's specific vulnerabilities and maintaining a proactive approach to cybersecurity is key to protecting your workforce from the full spectrum of email attacks.

Reduce Your Financial Risk Today! - See a Demo
Addressing Cybersecurity Threats Associated with the SVB Closure

See Abnormal in Action

Schedule a Demo

Get the Latest Email Security Insights

Subscribe to our newsletter to receive updates on the latest attacks and new trends in the email threat landscape.


See the Abnormal Solution to the Email Security Problem

Protect your organization from the full spectrum of email attacks with Abnormal.

See a Demo
Integrates Insights Reporting 09 08 22

Related Posts

B 2024 Cybersecurity Predictions
As AI becomes more prevalent in the new year, discover how our experts believe the world will change—for both good and bad.
Read More
B 11 27 23 ATO Stats
Account takeover allows threat actors to steal sign-in credentials and access an organization's network. Read some eye-popping stats about ATO cost and frequency.
Read More
B Unmasking Vendor Fraud
Learn about the techniques, tools, and technologies we use to train the models that form the backbone of our vendor fraud detection.
Read More
Get the latest insights from the 2023 ISC2 Cybersecurity Workforce Study, including which skills are most sought-after, how careers have changed, and how AI is affecting the industry.
Read More
B Good Bad Ugly Future of AI
Hear about positive and malicious use cases of AI and how to protect against novel threats in this recap from Chapter 3 of our Convergence of AI + Cybersecurity series.
Read More
B Cryptocurrency Donations Attack
Attackers attempt to solicit fraudulent donations via cryptocurrency transfers under the guise of collecting donations for children in Palestine.
Read More