Although the collapse of Silicon Valley Bank and Signature Valley Bank continue to dominate the news, one aspect isn’t getting heavy coverage: the cybersecurity risks the failures pose.
“When you turn the corner from a security standpoint, there’s sort of a branch of the tree that starts affecting the vendors and customers of those depositors,” said Andrea Biagioli, CFO of Kansas City-based cloud security startup Tenfold Security.
With companies switching accounts to other banks, it could be easy for vendors or customers to fall for an email phishing scam trying to route payments to a new account. Fraudsters could leverage social engineering and Business Email Compromise (BEC), a cyber scam in which criminals send an email that appears to come from a known source making a legitimate request. They could make an email account look authentic by using a variation of a company’s email address and trick recipients into revealing confidential details or making a wire transfer.
“Whenever there’s a huge event like this, somebody’s always going to try and capitalize on it from a threat actor or just from a financial perspective,” Tenfold Security CEO and co-founder Jon Broek said. “So while things are being worked out, you need to make sure you’re sending your money where it should actually be going. … As long as it’s still in the news cycle, people are going to try to go after it (as a cyber scam target).”
Biagioli pointed out that other banks are being reviewed for their creditworthiness, which also opens the door to cyber criminals posing as a company that’s switching its account to a new bank and requesting payments be made there.
“We’ve worked with clients who have gotten phone calls from somebody saying they’re in the accounting department,” she said. “Even the most complex accounts payable departments have been taken for tens of thousands of dollars simply by routing their funds to the wrong place.”
Broek said even Biagioli receives weekly emails from cyber criminals posing as him and asking her to make wire transfers or fulfill other payment requests.
Biagioli said companies need to use a variety of checks and balances to validate information and ensure they’re sending payments to the right place. Look closely at email addresses, for example, and call a known point of contact to verify whether a company is changing its account details.
© 2023 American City Business Journals. All rights reserved. Use of and/or registration on any portion of this site constitutes acceptance of our User Agreement (updated January 24, 2023) and Privacy Policy (updated January 24, 2023). The material on this site may not be reproduced, distributed, transmitted, cached or otherwise used, except with the prior written permission of American City Business Journals.