Hello and welcome to the Tuesday, March 14th, 2020,

3 edition of the Sandin and Storm Center's Stormcast. My name is Johannes Ulrich,

and today I'm recording from Jacksonville, Florida.

Silicon Valley Bank, of course, was in the news, and with that scammers are looking into trying to capitalize on this incident as well.

We noticed over the weekend a significant increase in domain name registrations related to Silicon Valley Bank.

Most of them, the ones that I at least found, just contain the three letters, SVB.

Login, SVB.com, SVB Login.com are two domains I'm particularly watching.

Many of the domains are more or less just money-making domains.

There's even an SVB merch domain that someone

registered. What I'm most afraid of happening right now is sort of a variation of the business

email compromise. In a classic business email compromise, an attacker is listening in on

emails being sent and then, for example, if an invoice is being sent, the attacker is listening in on emails being sent, and then, for example, if an invoice is

being sent, the attacker is injecting an additional email with updated account information

that, of course, points to the attacker's account.

I have seen a couple of people reporting that they received from vendors' email, basically,

with updated account information because they moved their accounts away from Silicon Valley

Bank and now are using a different bank for their banking. Those emails appear to be legitimate, but of course it's not a stretch to assume that the

bad guys are catching on to a lot of these emails being sent these days and are just

injecting a couple of fraudulent ones.

So talk to your accounting staff, reinforce some

of the lessons that you already should have communicated to them about updating account

information to validate this just with a larger normal number of these messages, with the

...