Silicon Valley Bank plight leveraged in phishing scam
Attackers devised a scheme to steal Microsoft credentials using fake DocuSign prompts supposedly coming from the failing Silicon Valley Bank (SVB).
Threat actors were apparently trying to capitalize on the uncertainty surrounding SVB, a US bank that federal regulators recently took over.
The scheme involved fraudsters sending victims scam emails that appeared to contain a legitimate document delivered through DocuSign, an electronic agreement management business.
According to researchers at cybersecurity firm Inky, the phishing attacks came from virtual private servers associated with recently created domains.
Meanwhile, the fraudulent email looked identical to a legitimate one from DocuSign. The only difference was that the message was customized to include the SVB logo, in an attempt to catch victims who might be worried about the situation surrounding the faltering bank.
The recipients of the phishing email were led to believe that it was sent from SVB’s “KYC Refresh Team.” Know Your Customer (KYC) is a mandatory procedure that banks and other institutions use to verify their clients’ identities and to guard against money laundering and similar crimes.
Victims clicking on “review document” within the email were redirected to another spoofed website, masquerading as a Microsoft login page. Any details entered there would fall into the attackers’ hands, and could then be used to facilitate other social engineering scams and related cybercrimes.