The Corvus Team has observed threat actors taking steps to prepare for phishing campaigns exploiting recent U.S bank closures, which could lead to an increase in wire fraud. Here’s what you need to know.
The apparent financial instability of several banking institutions, most prominently Silicon Valley Bank, has led many organizations to change their banking relationships. This means in the coming days there will be an unusually large volume of communication about banking information between organizations and their customers, vendors and partners.
Any communication about sending or receiving payments carries risk: claims for fraudulent funds transfers (FFTs) are already the most frequent type experienced by Corvus customers. Since threat actors know that many organizations will be sending and receiving requests to change payment instructions, they will be poised to take advantage. In fact, Corvus has observed a large number of new website domain registrations with names that mimic bank login pages for use in phishing campaigns.
We encourage your organization to take the following steps to mitigate against potential attacks:
- Ensure your finance team has an out of band authentication (OOBA) process established. If there is no policy, or one is lacking detail, review this Corvus article for more information: Securing Funds Transfers (Out-of-Band Authentication and Other Considerations). The following practices are recommended to be included in your process:
- Verify all requests to transfer payments or update payment information by calling a known phone number, and speaking to a known voice.
- If you do not have a contact at that organization, go to the organization’s main website and call a main number on the website, asking to be routed to the accounts receivables department.
- Confirm receipt of a test deposit of a nominal value prior to making a bank account change for your vendor.
- Do not relax any security practices due to urgency by other parties — it’s better to slightly delay a payment than to send funds to a threat actor!
- Retrain all employees who deal with funds transfers on your company's payment policies, including your OOBA process. During the training, alert employees to the likelihood of increased phishing attacks.
- Remind employees that attackers may impersonate a financial institution, a vendor, a business contact, or a colleague (particularly executives or finance personnel).