This year’s bank failures can open the door for fraudulent activity targeting businesses and individuals, even those that haven't done business with the failed banks.

3 Min Read
Hacker stealing dollars from bank digital abstract
Zoonar GmbH via Alamy Stock

The recent collapse of several banks will have a significant impact regardless of the actions of the government in the wake of these failures. Most of the reporting focuses on the systemic effects and announcements that depositors will be protected.

But, over the years, looking at issues like bank and corporate failures from the perspective of depositors and business partners, we’ve come to realize that failures are often perceived by cybercriminals to be a golden opportunity. In the immediate aftermath of a failure when there are so many unknowns, that gold looks particularly shiny. Cybercriminals watch for opportunities in all crises, and this bank crisis (as well as those yet to come) will be chum in the water for them.

For organizations that were depositors or had any relationship to the failed institutions -- or others that may fail in the future -- be aware that there are criminals trying to take advantage. Consider this example:

A company with several hundred thousand dollars in a bank that was taken over by a federal regulator receives an email that says:

“[Company Name] has been selected by the FDIC to assist in assuring that all customers of [Bank Name] regain access to all their funds rapidly. They are concerned that unscrupulous people may claim to have funds at the bank in order to receive fraudulent payments. To prevent this, we have been instructed to create a verified claimants list. To do this, we need to collect certain information that we will check against [Bank Name] systems for accuracy and to make sure that your funds are released to you on a priority basis. Please click the secure link below and complete the form. We ask that this be accomplished within 24 hours of the transmission of this email”.

If a company is worried about funds being made available, it’s likely they won’t try to verify that email or make a call to the main number at the FDIC. Most would see this email as a logical and appropriate control to help recover funds.

Most people would provide sensitive information about their account, and about their accounts with other institutions where the recovered funds would be deposited. This seems right in line with what someone would expect in dealing with a crisis like bank failures. This scenario has created the perfect opportunity for hackers to drain the company’s bank account, using the information that was provided. Cybercriminals rely on confusion and prey on those in panic. 

Even consumers whose deposits are less than $250,000, which are fully insured and protected, may receive phishing emails or text messages telling them that they need to register to be pre-cleared to receive their funds. The fraudsters will ask for sensitive information, such as other bank access codes “where returned funds should be deposited,” which they then can target. Based on what data they can collect, they may be able to perpetrate identity fraud, causing damage to credit ratings and reputation. Even if a person or company never had an account at an at-risk bank, they may receive this kind of email communication. Sending hundreds of thousands of emails costs the fraudster virtually nothing and they presume non-impacted people will just ignore it. All they need is a very small percentage of those receiving it to bite, and then they can make a lot of money.

We can’t predict exactly how the cybercrime community will respond to the opportunities that these bank failures pose, but it is very likely that criminal schemes have already started. We see this time and again with hurricane, earthquake, and natural disaster relief schemes.

Don’t fall for them. Don’t provide sensitive information without positive verification of who’s getting it and that they are who (and what) they claim to be. Phishing emails, texts or phone calls should be reported to law enforcement. They will aggregate complaints in order to attribute and track these pop-up criminal groups.

Maintaining a sense of caution. Closely following the situation and steps that agencies are taking for remediation can help individuals and businesses avoid becoming victims of a cybercrime.

About the Author(s)

Alan Brill

Senior Managing Director, Cyber Risk, Kroll

Alan Brill is a senior managing director with Kroll's Cyber Risk practice. As the founder of Kroll’s global high-tech investigations practice, Alan has led engagements that range from large-scale reviews of information security and cyber incidents for multibillion-dollar corporations to criminal investigations of computer intrusions. He has worked on many of Kroll’s major international projects. Alan serves as both a consulting and testifying expert in major cases where his ability to explain complex technology concepts provides counsel with a valuable litigation resource.

John Bennett

Global Head of Government Affairs, Cyber Risk, Kroll

John (Jack) Bennett is the global head of government affairs in the Cyber Risk practice of Kroll, and a Kroll Institute Fellow, based in San Francisco. He leverages over 25 years of experience, which includes leading the third and sixth largest FBI field divisions where he focused on providing investigative and intelligence support to various FBI teams and governments globally.

Never Miss a Beat: Get a snapshot of the issues affecting the IT industry straight to your inbox.

You May Also Like


More Insights