How the Collapse of Silicon Valley Bank May Lead to a Surge in Fraud Activity
Over the span of a few short days, Silicon Valley Bank (or SVB) went from a cutting-edge financial innovator to a shuttered institution.
The collapse came quickly, beginning with a selloff of about $21 billion of securities from the bank's portfolio on March 8. This was followed by a mass selloff of SVB stock over the next two days. Depositors descended on brick-and-mortar branches, initiating an old-fashioned bank run. Things finally came to a head when California regulators shut the bank and appointed the Federal Deposit Insurance Corporation (FDIC) as receiver on March 10.
A joint statement by the Department of the Treasury, the Federal Reserve, and the FDIC released over the weekend attempted to reassure depositors and the public at large. “Depositors will have access to all of their money starting Monday, March 13,” the statement insisted, while also promising that “no losses associated with the resolution of Silicon Valley Bank will be borne by the taxpayer.”
Regardless, the fallout from the SVB collapse has been sudden and dramatic. By Monday afternoon, other institutions like First Republic and PacWest Bancorp saw stock price drops of 50% or more. Depositors and even everyday consumers panicked and rushed to pull out funds from other institutions across the globe.
The situation continues to evolve with each hour. SVB depositors, as well as the public, are understandably anxious. Bank customers need access to their funds, and are watching intently for any new developments that could affect their account.
There is also an unsavory element among the public that is always looking for opportunity in a situation like this. Put plainly, this environment is a prime opportunity for financial and commercial fraud.
Fraudsters: A Resourceful & Opportunistic Lot
People who engage in fraud as a profession are highly resourceful and opportunistic. They thrive on confusion, and are more than happy to take advantage of other people's misfortune to try to make some easy money.
Thousands of SVB depositors are waiting anxiously for any updates regarding the status of their accounts. It wouldn’t be difficult for a fraudster to approach one — or several — of those desperate finance managers or startup founders, pretending to be an SVB official, or even a US federal regulator.
In the present context, tactics like social engineering and business email compromise (BEC) are serious threats.
With a social engineering attack, the scammer uses psychological manipulation to trick their victim into divulging sensitive information. For instance, one might use fake credentials to impersonate an FDIC official. The attacker then asks the target for account details, or even to provide access to secure accounts, for the purpose of routing the funds they’ve been promised.
This can be even more compelling if paired with a BEC hack. If the scammer actually manages to get control of an email account with an “@fdic.gov” domain, it could be very hard to tell them from a genuine FDIC official.
A targeted individual might not fall for such a scam under normal circumstances. However, in the current climate, it’s not hard to imagine someone conducting less due diligence than they should. This is especially true if the fraudster is a skilled actor.
Impact of SVB Collapse Will Reverberate Through Market
Of course, while Silicon Valley Bank customers are the primary concern at the moment, they may not be the only ones in danger here.
High-profile incidents in payments or finance tend to reverberate throughout the space. Sectors of the market that were not directly affected in any way might still pick up on these vibrations over the coming weeks and months.
For instance, we may see an uptick in phishing scams and other fraud activity in 2023 as a result of this collapse. Scammers will target not just SVB account holders, but consumers in general.
Additionally, thousands of SVB account holders will be looking to move their finances to other institutions. Each of those account holders works with dozens — even hundreds — of suppliers, vendors, logistics companies, etc. Finance departments all over the world could be bombarded with requests for account updates. In this environment, it’s not hard to envision a few malicious bank change requests getting approved by accident.
Businesses Should Take Preventative Action
As of this writing, it’s only been a week since the Silicon Valley Bank collapse. It’s too early to have identified any trends in fraud activity directly tied to the incident. However, that makes the present a critical time, as the first layer of defense is awareness of potential threats.
It's crucial that SVB account holders — as well as everyday consumers — be extremely cautious at this time. Know the signs of BEC attacks, as well as phishing scams and other fraud red flags.
Finance managers should be aware of potential scams, and know not to take any claims at face value. It’s a good idea to provide refresher training for team members regarding fraud prevention and cybersecurity best practices.
Businesses should also review their existing procedures and amend as needed. Be watchful of suspicious behaviors among customers like repeated failed logins, multi-factor authentication failures, and IP mismatches. Any of these might be signs of attempted account takeover that might lead to business email compromise.
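The three signals named above can be checked mechanically against authentication logs. The following is an added example, not code from the original article; the event names, the threshold of three failures in ten minutes, and the sample events are all assumptions constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events (not real logs): time, user, event, source IP.
EVENTS = [
    ("2023-03-14T09:00:05", "ap.clerk", "login_ok",   "198.51.100.7"),
    ("2023-03-15T02:11:40", "ap.clerk", "login_fail", "203.0.113.50"),
    ("2023-03-15T02:11:58", "ap.clerk", "login_fail", "203.0.113.50"),
    ("2023-03-15T02:12:20", "ap.clerk", "login_fail", "203.0.113.50"),
    ("2023-03-15T02:13:02", "ap.clerk", "mfa_fail",   "203.0.113.50"),
    ("2023-03-15T02:14:30", "ap.clerk", "login_ok",   "203.0.113.50"),
    ("2023-03-15T08:30:00", "cfo",      "login_fail", "198.51.100.9"),
    ("2023-03-15T08:30:20", "cfo",      "login_ok",   "198.51.100.9"),
]

FAIL_THRESHOLD = 3               # assumed: failed logins within WINDOW
WINDOW = timedelta(minutes=10)   # assumed look-back window

def flag_accounts(events):
    """Return {user: sorted list of signals} for accounts worth reviewing."""
    known_ips = defaultdict(set)      # IPs with a prior successful login
    recent_fails = defaultdict(list)  # timestamps of recent failed logins
    signals = defaultdict(set)
    for ts, user, event, ip in sorted(events):
        when = datetime.fromisoformat(ts)
        if event == "login_fail":
            # Keep only failures still inside the window, then add this one.
            fails = [t for t in recent_fails[user] if when - t <= WINDOW]
            fails.append(when)
            recent_fails[user] = fails
            if len(fails) >= FAIL_THRESHOLD:
                signals[user].add("repeated_failed_logins")
        elif event == "mfa_fail":
            signals[user].add("mfa_failure")
        elif event == "login_ok":
            # A success from an IP this user has never logged in from before.
            if known_ips[user] and ip not in known_ips[user]:
                signals[user].add("ip_mismatch")
            known_ips[user].add(ip)
    return {user: sorted(found) for user, found in signals.items()}
```

A single mistyped password followed by a normal login, as for the `cfo` user in the sample, raises no signal; the `ap.clerk` account raises all three and should be reviewed before any payment instruction sent from it is trusted.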
It may be necessary to incorporate additional layers of fraud detection and monitoring into one’s processes. Effective fraud detection is based around a number of principles, including both education and refining rulesets as we mentioned above, plus:
- Pattern Recognition
- Deploying the Right Tools, in the Right Manner
- Analyzing & Learning From Past Data
Institutions, and even individual finance teams, should be monitoring any requests for changes to accounts receivable information, and subjecting them to additional scrutiny. It may be wise to adopt a policy to disallow funds transfers involving any account modified within 14 days.
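One way to enforce the 14-day rule on a payment run, as an added example that is not part of the original article: the change log, field names, vendor and payment IDs are constructed for illustration, and treating day 14 itself as releasable is an assumption about how the policy is read.

```python
from datetime import date, timedelta

HOLD_DAYS = 14  # cooling-off period named in the policy above
BANK_FIELDS = {"iban", "account_number", "routing_number"}  # assumed names

# Constructed vendor-master change log: (date, vendor, field changed).
CHANGE_LOG = [
    (date(2022, 11, 2), "V-100", "account_number"),
    (date(2023, 3, 10), "V-100", "contact_email"),   # not a bank field
    (date(2023, 3, 13), "V-200", "routing_number"),
    (date(2023, 3, 14), "V-200", "account_number"),
    (date(2023, 3, 1),  "V-300", "iban"),
]
# Constructed payment run: (payment id, vendor, planned pay date).
PAYMENTS = [
    ("P-1", "V-100", date(2023, 3, 17)),
    ("P-2", "V-200", date(2023, 3, 17)),
    ("P-3", "V-300", date(2023, 3, 15)),
    ("P-4", "V-999", date(2023, 3, 17)),   # vendor with no history on file
]

def last_bank_change(change_log):
    """Most recent date on which each vendor's bank details changed."""
    latest = {}
    for changed_on, vendor, field in change_log:
        if field in BANK_FIELDS and changed_on > latest.get(vendor, date.min):
            latest[vendor] = changed_on
    return latest

def screen_payments(payments, change_log):
    """Return {payment id: (decision, earliest release date or None)}."""
    latest = last_bank_change(change_log)
    result = {}
    for pay_id, vendor, pay_date in payments:
        if vendor not in latest:
            # No recorded bank details at all: never pay automatically.
            result[pay_id] = ("hold", None)
            continue
        release_on = latest[vendor] + timedelta(days=HOLD_DAYS)
        if pay_date < release_on:
            result[pay_id] = ("hold", release_on)
        else:
            result[pay_id] = ("release", release_on)
    return result
```

Only changes to bank fields restart the clock, so the contact-email edit on `V-100` does not block its payment, while the two back-to-back bank edits on `V-200` hold it until 14 days after the later one.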
Finally, one should carefully monitor any requests for information, and vet anyone who claims to be tied to SVB or a financial regulator. Any unsolicited communication from either of these parties is probably a scam.
Best Practices are the Best Option
This is a hectic and confusing time, and confusion always redounds to the benefit of bad actors. Even amid chaos, it’s everyone’s responsibility to take the necessary steps to avoid falling victim to fraud.
Raising awareness of threat exposure within one’s company, optimizing security procedures, and improving threat monitoring are all vital at this moment. The situation surrounding the SVB fallout remains fluid, but adhering to best practices is never the wrong move.