Proofpoint closes acquisition of Tessian. Read More ->

Request a demo
Request a demo
Request a demo
Request a demo
Request a demo

Dozens of SVB and HSBC-themed URLs Registered

Tessian Threat Engineering Group • Wednesday, March 15th 2023
Dozens of SVB and HSBC-themed URLs Registered

Tessian Cloud Email Security intelligently prevents advanced email threats and protects against data loss, to strengthen email security and build smarter security cultures in modern enterprises.

As we explored 48 hours ago, the recent turbulence in the banking sector provided a potential opportunity for threat actors to launch attacks.

So it comes as no surprise that we’re starting to see domains spun up for just such purposes. Tessian’s Threat Intel Team have been monitoring the situation as it unfolds, and found that multiple domains featuring both SVB and HSBC were registered. Malicious domains are being added to Tessian’s Unified Threat Feed to proactively protect our customers from future phishing attacks.

What is interesting about this is that some are for legitimate, if a little unorthodox, activities like driving traffic, marketing and selling merchandise. It’s in this ‘fog of war’ that bad actors like to hide, and clearly some have been registered with attacks in mind. So let’s look at those first. 

Siiiconvalleybank[.]com and siliconvalleybonk[.]com have clearly been set up to launch impersonation attacks, hoping people don’t notice those typos in the URLS.

Other examples include myaccount-hsbc[.]com and thesiliconvalleybank[.]com. Meanwhile Svb-usdc[.]com and svb-usdc[.]net are both already set up to launch phishing attacks.

SVB and or HSBC

Google is already blocking these and alerts any visitors to that effect. Exploring beyond that warning reveals a ‘lookalike’ site offering a reward program and clicking ‘claim’ opens a QR code.

SVB and or HSBC

SVB and or HSBC

Fake URLs to drive traffic

Some of the newly registered URLs are also being used to drive traffic. hsbcinvestdirect.co[.]in uses HSBC brand in order to gain more traffic for an Indian-based website with adult content. Meanwhile SVBlogin[.]com loads up All Day Capital Partners website offering to ‘help’ SVB customers.

Many of the others are cybersquatting, no doubt hoping to sell on, while others registered but don’t contain any content or redirect, as if waiting to see how things pan out. Perhaps one of the oddest is svbbankrun2023[.]com, which hosts a merchandise shop selling SVB-themed items.

SVB and or HSBC

 

Tessian Recommends: The following list should be used as a blocklist at your own risk, but we advise adding the newly registered domains on a watchlist for monitoring purposes.

Here’s a full list of SVB and HSBC URLs we’ve documented so far. 

 

Hsbcsvb[.]com

Siiiconvalleybank[.]com

Login-svb[.]com

Svbankcollapseclaimants[.]com

Svbankcollapselawsuit[.]com

Svblawsuits[.]com

Hsbcinvestdirect.co[.]in

Svbanklegal[.]com

Svbankcollapse[.]com

Svbankcollapseclaims[.]com

siliconvalleybankfilm[.]com

siliconvalleybankcrash[.]com

siliconvalleybankcollaps[.]com

siliconvalleybankcolapse[.]com

siliconvalleyfederalbank[.]us

silliconvalley[.]ink

siliconvalleyfederalbank[.]net

siliconvalleybank-usdc[.]com

siliconvalleybonk[.]com

ziliconvalley[.]sk

siliconvalleybankcustomerservice[.]com

siliconvalleybankhelp[.]com

siliconvalleyentrepreneursbank[.]com

siliconvalleybankcreditors[.]com

siliconvalleyentrepreneurbank[.]com

siliconvalleybankclasaction[.]com

wwwsiliconvalleybankclassaction[.]com

siliconvalleybankfailures[.]com

siliconvalleybanksettlement[.]com

siliconvalleybank[.]xyz

siliconvalleybank[.]lol

siliconvalleyfederalbank[.]biz

siliconvalleyfederalbank[.]lol

siliconvalleybankmovie[.]com

siliconvalleybank[.]biz

siliconvalleybn[.]com

siliconvalleybanklawsuit[.]com

siliconvalleybankclassaction[.]com

siliconvalleybankreceivershipcertificate[.]com

siliconvalleybankcollapse[.]com

siliconvalleybust[.]com

svbbankrun2023[.]com

svbalternative[.]com

svbankclassaction[.]com

svbanklawsuit[.]com

svb-cash[.]com

svbfdic[.]com

svbwiki[.]com

svbcollapseexplained[.]com

banksvb[.]com

svbdeposit.fyi

svbcollapse[.]net

svbbailout[.]org

fucksvb[.]com

svbcoin[.]xyz

svbchain[.]xyz

svb-usdc[.]com

svb-usdc[.]net

svbfailure[.]com

svbopenletter[.]com

svbplaintiffs[.]com

svbinfo[.]com

svbbankrun[.]com

svbrecovery[.]com

svbmeltdown[.]fyi

wefundsvbclients[.]com

svbreceivership[.]com

svblogin[.]com

svbcollapse[.]com

svbclaim[.]com

svbdebt[.]com

svbclaims[.]net

svbbailout[.]com

svbi[.]io

svbank[.]com

hsbcbdubai[.]com

hsbc079[.]com

hsbc757[.]com

Hsbc736[.]com

hsbc119[.]com

hsbc719[.]com

hsbc938[.]com

Hsbc891[.]com

Hsbc-premium[.]com

Hsbckyc[.]com

Hsbclogin[.]co

Myaccount-hsbc[.]com

Thesiliconvalleybank[.]com

1svb[.]com

Circle-svb[.]com

Svb2023[.]com

Svbgate[.]com

Svbtoken[.]com

Svbnfts[.]com

whatissvb[.]com

Tessian Threat Engineering Group Tessian Threat Engineering Group