PL Risk Blog

Banking Chaos the Perfect Storm for Hackers

Written by Drew Smith | Mar 24, 2023 1:27:08 PM

potential of another 2008 level financial crisis. Though governments and regulators have sought to reassure the public that they are sound, there is a hidden danger associated with these bank runs. This chaotic environment has allowed hackers and malicious actors to take advantage to attempt to steal your money.

The chaos began around March 7th when Silicon Valley Bank (SVB) reported a post-tax $1.8 billion dollar loss. The bank, a favorite for tech and venture capital backed industries had over $175 Billion dollar in deposits. This normally wouldn’t be an issue except in recent months the federal interest rates had been increased. With most of their money in bonds which suddenly lost value they needed more capital to pay depositors. This created a panic which made many depositors pull their money, causing a bank run. In one day, depositors withdrew $42 billion from SVB and forced them to sell bonds at a loss resulting in even more panic As a result, the FDIC took over the bank and assured depositors they would be able to get their money.(1)

Although the FDIC insures deposits of up to $250,000 (500,000 for joint accounts) due to the nature of this bank, many depositors had $50M, 100M or even more which were not insured. It is reported, Roku had $487M in this bank alone. (2)This chaos then spread into the rest of the banking sector as another bank, Signature Bank, failed causing more people to want to pull their money out, over 17.8 billion on March 12th alone forcing the FDIC to take it over. (3) Over the course of the next few days, First Republic, and Credit Swisse also began to worry depositors and investors.

Amid all of this, there’s a hidden danger to all of this. With so much money in limbo and being moved around, malicious actors are taking advantage of the insanity. They know that people are trying to get their money out of banks and are opening new accounts. This is a perfect opportunity for hackers to send malicious emails claiming that your vendors, banks, employees have updated their banking information. So, they resort to their normal tactics of spoofing the banks and the various emails that might not get caught normally. Depositors, already in a panic because of a potential recession caused by bank collapses, see the email, think its from their bank, vendor client etc. and open it. They put their credentials and boom, their money is not theirs anymore as the actor pulls your funds and walk away with no one the wiser until you check the bank and realize where your fund has gone.

According to Mike Smith, President and CEO of PL Risk Advisors, LLC, “In one day we received four requests for a change in banking information. Two were legitimate and two were not. Our processing requires a verbal confirmation with the last known contact before we change any banking information.”

There are some protective strategies that can be employed to help protect your money from these phishing attacks. Track your financial data thoroughly: You want to have a record of your current assets and have ways to access them if there is an issue.

There are some protective strategies that can be employed to help protect your money from these phishing attacks.

  1. Always verbally confirm any changes to standing banking information for clients, vendors, banks, employees or others. When verbally confirming do so directly with the last known contact. Never call the number on the email as it comes from the fraud actor.
  2. Maintain a list of valid contacts for all employees, vendors, clients, banks, credit cards etc.
  3. Never enter your credentials from an email sent to you. Always go directly to the site of the bank, vendor etc.
  4. Make sure you enable Multifactor Authentication on all banking, systems, emails and other site to ensure hackers can’t directly change your accounts.
  5. Review your cyber security protocols: Change your passwords regularly, never share them with anyone. Enable Dual factored authentication to help control when your accounts are accessed.
  6. Stay on top of the threats: Threats evolve every day. One day you’ll be worried about fake texts, the next a massive cyber breach happens. The best defense in this situation is constant vigilance and training your staff on what to look for.(4)

 

With the chaos of the banking section affecting everyone, hackers and malicious actors will take advantage of the chaos to start going after people’s financials. This is the time for people to understand what their security measures are and to increase their vigilance surrounding their assets.