RMail’s PRE-Crime Active Threat Hunting Services Will Stave Off the Inevitable Increase in Cyberthreats to Your Organization

RMail’s PRE-Crime Active Threat Hunting Services Will Stave Off the Inevitable Increase in Cyberthreats to Your Organization

March 17, 2023 / in Blog / by Zafar Khan, RPost CEO

Recent bank failures may create a feeding frenzy for cybercriminals.

A quick program note for our regular readers: we’re interrupting our scheduled series on the best-in-class, scalable eSignature software that is RSign so that we can address some important current economic events…

Unless you’ve been living under a rock the past couple of weeks, you’ve heard about the failures of Silicon Valley Bank (SVB) and Signature Bank (SB) and how they’ve spooked many investors into considering whether there may be contagion that could spread to other sectors of the economy—something we have not seen since the financial crisis many years ago.

Now we’re seeing a near failure at a global bank, Credit Suisse; and it may have failed had it not been for the Swiss Government providing a backstop before a total run on the bank. 

These bank failures expose the real risk that is likely pervasive in many other banks: the fact that many banks that invested in long term notes at low interest rates now find those notes devalued due to higher Treasury rates available today. For those who bank in smaller banks (not large enough to get Federal Government guarantees if they fail), they are also now reminded that deposits of more than $250K in any one bank account is not FDIC insured and their cash is at risk if the bank fails.

These bank failures have caused and will continue to cause customers to set up new banking relationships and move funds into larger (presumable safer, presumably too-big-to-fail) banks. Thus, the general market will now not see it out of the ordinary – and may see it entirely reasonable – for a vendor sending invoices, escrow, and closing agreements to alert the client that there are “updated bank / payment” details due to their need to switch banks.

From our turrets in the eSecurity space, we can thus see myriad opportunities for cybercriminals to take advantage of this current (and, for some, desperate) situation. A feeding frenzy may well ensue for those schemers who to trick people into paying invoices with swapped out payment details --- legitimately explained with the “needed to switch banks”. The new bank details may be true ones, or [boom!] they may be impostor versions with cybercriminal-swapped-out payment details. 

These cybercriminals will buy lookalike email domains — domains that look like an existing vendor — and use that to trick payors with their impostor email “needed to switch banks” claim. They will gather information about existing vendors and invoice formats by compromising email accounts and eavesdropping on email. Finally, they will send out fake invoices en masse knowing that some poor desperate soul will take the bait. The bottom line is that all these schemes are just numbers games, and the numbers with which cybercriminals work with just got a lot bigger due to these bank failures.

What to do if you and/or your financial institution are concerned? Fortunately, there is RMail’s PRE-Crime active threat hunting services that: 

  1. Detect if email you send is being actively eavesdropped on at the recipient (RMail Email Eavesdropping™ Alerts); and
  2. Alert if someone on staff tries to reply to a lookalike email domain (RMail Lookalike Domain™ Alerts).

Read the press release on our PRE-Crime Suite of products or have a more in-depth look at the anatomy of one of these email schemes, which may now happen more frequently due to these bank failures. 

Feel free to contact us to discuss how RMail can help you weather this latest financial storm, which, unfortunately, may now only be beginning.