As we explored 48 hours ago, the recent turbulence in the banking sector provided a potential opportunity for threat actors to launch attacks.
So it comes as no surprise that we’re starting to see domains spun up for just such purposes. Tessian’s Threat Intel Team have been monitoring the situation as it unfolds, and found that multiple domains featuring both SVB and HSBC were registered. Malicious domains are being added to Tessian’s Unified Threat Feed to proactively protect our customers from future phishing attacks.
What is interesting about this is that some are for legitimate, if a little unorthodox, activities like driving traffic, marketing and selling merchandise. It’s in this ‘fog of war’ that bad actors like to hide, and clearly some have been registered with attacks in mind. So let’s look at those first.
Siiiconvalleybank[.]com and siliconvalleybonk[.]com have clearly been set up to launch impersonation attacks, hoping people don’t notice those typos in the URLS.
Other examples include myaccount-hsbc[.]com and thesiliconvalleybank[.]com. Meanwhile Svb-usdc[.]com and svb-usdc[.]net are both already set up to launch phishing attacks.
Google is already blocking these and alerts any visitors to that effect. Exploring beyond that warning reveals a ‘lookalike’ site offering a reward program and clicking ‘claim’ opens a QR code.
Fake URLs to drive traffic
Some of the newly registered URLs are also being used to drive traffic. hsbcinvestdirect.co[.]in uses HSBC brand in order to gain more traffic for an Indian-based website with adult content. Meanwhile SVBlogin[.]com loads up All Day Capital Partners website offering to ‘help’ SVB customers.
Many of the others are cybersquatting, no doubt hoping to sell on, while others registered but don’t contain any content or redirect, as if waiting to see how things pan out. Perhaps one of the oddest is svbbankrun2023[.]com, which hosts a merchandise shop selling SVB-themed items.
Tessian Recommends: The following list should be used as a blocklist at your own risk, but we advise adding the newly registered domains on a watchlist for monitoring purposes. |
Here’s a full list of SVB and HSBC URLs we’ve documented so far.
Hsbcsvb[.]com
Siiiconvalleybank[.]com
Login-svb[.]com
Svbankcollapseclaimants[.]com
Svbankcollapselawsuit[.]com
Svblawsuits[.]com
Hsbcinvestdirect.co[.]in
Svbanklegal[.]com
Svbankcollapse[.]com
Svbankcollapseclaims[.]com
siliconvalleybankfilm[.]com
siliconvalleybankcrash[.]com
siliconvalleybankcollaps[.]com
siliconvalleybankcolapse[.]com
siliconvalleyfederalbank[.]us
silliconvalley[.]ink
siliconvalleyfederalbank[.]net
siliconvalleybank-usdc[.]com
siliconvalleybonk[.]com
ziliconvalley[.]sk
siliconvalleybankcustomerservice[.]com
siliconvalleybankhelp[.]com
siliconvalleyentrepreneursbank[.]com
siliconvalleybankcreditors[.]com
siliconvalleyentrepreneurbank[.]com
siliconvalleybankclasaction[.]com
wwwsiliconvalleybankclassaction[.]com
siliconvalleybankfailures[.]com
siliconvalleybanksettlement[.]com
siliconvalleybank[.]xyz
siliconvalleybank[.]lol
siliconvalleyfederalbank[.]biz
siliconvalleyfederalbank[.]lol
siliconvalleybankmovie[.]com
siliconvalleybank[.]biz
siliconvalleybn[.]com
siliconvalleybanklawsuit[.]com
siliconvalleybankclassaction[.]com
siliconvalleybankreceivershipcertificate[.]com
siliconvalleybankcollapse[.]com
siliconvalleybust[.]com
svbbankrun2023[.]com
svbalternative[.]com
svbankclassaction[.]com
svbanklawsuit[.]com
svb-cash[.]com
svbfdic[.]com
svbwiki[.]com
svbcollapseexplained[.]com
banksvb[.]com
svbdeposit.fyi
svbcollapse[.]net
svbbailout[.]org
fucksvb[.]com
svbcoin[.]xyz
svbchain[.]xyz
svb-usdc[.]com
svb-usdc[.]net
svbfailure[.]com
svbopenletter[.]com
svbplaintiffs[.]com
svbinfo[.]com
svbbankrun[.]com
svbrecovery[.]com
svbmeltdown[.]fyi
wefundsvbclients[.]com
svbreceivership[.]com
svblogin[.]com
svbcollapse[.]com
svbclaim[.]com
svbdebt[.]com
svbclaims[.]net
svbbailout[.]com
svbi[.]io
svbank[.]com
hsbcbdubai[.]com
hsbc079[.]com
hsbc757[.]com
Hsbc736[.]com
hsbc119[.]com
hsbc719[.]com
hsbc938[.]com
Hsbc891[.]com
Hsbc-premium[.]com
Hsbckyc[.]com
Hsbclogin[.]co
Myaccount-hsbc[.]com
Thesiliconvalleybank[.]com
1svb[.]com
Circle-svb[.]com
Svb2023[.]com
Svbgate[.]com
Svbtoken[.]com
Svbnfts[.]com
whatissvb[.]com
Tessian Threat Engineering Group
Tessian Threat Engineering Group