The U.S. Department of Homeland Security's Cybersecurity & Infrastructure Security Agency (CISA) warns of a malicious cyber attacker spoofing the Small Business Administration (SBA) COVID-19 loan relief webpage via phishing emails. These emails include a malicious link to the spoofed SBA website that the cyber actor uses for malicious re-directs and credential stealing.
"These emails include a malicious link to the spoofed SBA website that the cyber actor is using for malicious re-directs and credential-stealing."
The phishing email contains:
• A subject line, "SBA Application – Review and Proceed"
• A sender, marked as disastercustomerservice@sba[.]gov
• The body of the email urges the recipient to click on a hyperlink to:
hxxps://leanproconsulting[.]com.br/gov/covid19relief/sba.gov
The malicious email directs the individual to click on a link that sends them to a fake login page for SBA's Economic Disaster Loan Portal. The hackers are then able to steal the individual's login credentials for the real page.
U.S. CISA recommends enforcing a strong password policy, using up-to-date antivirus software, scanning for "suspicious" email attachments, and using caution when opening email attachments.
According to The Hill, "Malicious cyber activity has spiked during the pandemic, and coronavirus stimulus funds have been a major target of hackers trying to cash in on federal funds meant for businesses."