Bank failures lead to potential cryptocurrency scams
The FDIC has announced that Flagstar Bank has purchased most of the assets and deposits currently owned by Signature Bridge Bank. Flagstar Bank was acquired by New York Community Bank in December of 2022. This new purchase adds 40 new branches to Flagstar Bank, effective immediately. You can see the details of the purchase here.
The deal with Flagstar Bank excludes approximately $60 billion in assets, which includes roughly $4 billion in deposits from Signature’s digital bank business. These deposits and the Signet payment platform will remain in receivership for now. The FDIC has announced that it will provide these deposits directly to customers whose accounts are associated with the digital-asset banking businesses. The press release directs questions about these digital assets to the FDIC at (866) 744-5463.
Customers whose accounts are included in the Flagstar purchase will automatically become Flagstar customers. The former Signature Bank branches will also be operating as Flagstar Bank branches as of today.
Potential scams you need to know about
The headlines around the banking sector create opportunities for cybercriminals. We’ve discussed this at length already, but as we get more information about the banking situation, criminals get more ideas about scams. Fleming’s advice here will help protect you against phishing and impersonation scams, but keep in mind that the language of these scams will evolve. For example, you may see some new twists based on the Flagstar Bank news:
FDIC impersonations: This is always a risk, but now you should watch for emails or text messages that offer to refund your cryptocurrency deposits. If you were not a customer of Signature Bank’s digital business, you are not getting anything, so you should not respond to these messages. If you are a customer, you should contact the FDIC directly at the number noted above.
Flagstar Bank impersonations: This is a new name for attackers to use in the current sphere of ‘failed bank’ phishing scams. You may see email or text messages asking you to provide sensitive information to activate a new account, complete a transfer, correct a transfer mistake, confirm your identity, etc. You should never follow any hyperlinks that are in a request like this. Contact the bank directly if you receive messages like this.
Signet impersonations: Signet (signet.com) is a blockchain-based, real-time digital payments platform. If you have not done business with Signet, then you should not be receiving any information from this brand. As of today, the Signet website identifies the platform as “a brand of Signature Bank.” The Signature Bank website currently identifies Signet as a brand of Signature Bridge Bank, N.A. at the top of the page, which is accurate.
(Signatureny.com/business/signet): Since the future of Signet is in question, be sure to verify URLs before logging in to this web application. You should also have web security in place to block any automatic downloads, which is a common method of attack by threat actors who have compromised or impersonated a website.
Headlines to watch
Here are some other financial brands in the news:
First Citizens is showing interest in purchasing the failed Silicon Valley Bank.
UBS Group AG has agreed to purchase Credit Suisse.
Saudi National Bank (SNB) and the Qatar Investment Authority (QIA) suffer losses on Credit Suisse investments.
First Republic shares have fallen to a new low, despite receiving funding from JPMorgan (JPM) and a consortium of large banks.
Cryptocurrency bank Silvergate has started a voluntary liquidation. This is largely related to the volatility in the crypto markets and an investigation into Silvergate’s business deals with FTX and Alameda Research.
A brand doesn’t need to be in the headlines for criminals to take advantage of name recognition. You should expect to see more scams impersonating banks, lenders, and even the Federal Reserve. Follow best practices whenever you get an email from a financial institution, especially if it asks you to click a link or provide sensitive information.
Resources that can help
Network administrators and other IT professionals should review our e-book, 13 email threat types to know about right now. This e-book explains how these scams work and provides examples of these attacks.
See these resources for more information:
Stay ahead of attackers trying to capitalize on recent bank failures
Cybersecurity Threat Advisory: New phishing campaigns related to recent bank failures
Subscribe to the Barracuda Blog.
Sign up to receive threat spotlights, industry commentary, and more.