Attention small business owners!
The Cybersecurity and Infrastructure Security Agency is currently tracking and monitoring a situation involving an unknown malicious cyber actor who is imitating the COVID-19 relief webpage of the Small Business Administration (SBA) through phishing emails. The actor is directly emailing potential victims a link to a fake page disguised as the SBA website. The website has malicious re-directs with the purpose of credential stealing.
The emails are doctored to look like they’re coming from an official SBA account with the subject line “SBA Application — Review and Proceed.” However, these headlines may appear different following the Aug. 12 alert from the Department of Homeland Security.
This scam is one of several reported attempts by cybercriminals posing as the federal agency, which has been tasked with distributing billions of dollars in COVID-19 relief loans to struggling small businesses.
The Department of Homeland Security recommends that small business owners and organizations at all levels review the alert and apply the recommended mitigations listed at the bottom. For general tips on how to spot and avoid phishing scams, check out this article from the TDS Newsroom.
Guest blogger: Garrett Seymour