Scams that target small businesses are quite common these days. The latest tries to phish US business owners’ SBA loan relief logins.
From phishing to BEC scams, attackers, wishing to exploit fear & anxiety, have found many ways to take advantage of the ongoing COVID-19 crisis during 2020.
The latest attack seems to involve an attacker who is spoofing the US Small Business Administration’s COVID-19 loan relief website via phishing emails.
US Department of Homeland Security
In an alert on Wed., the US Department of Homeland Security’s Cyber-Security & Infrastructure Security Agency warned of an increase in emails pretending to come from the SBA & directing victims to a phony SBA login site. The emails try to convince victims that they need to access the fake portal in order to review their SBA application.
The aim of the campaign seems to be credential stealing. Says CISA, the emails have been sent mostly to Federal Civilian Executive Branch & state, local, tribal, & territorial government recipients.
The campaign is directing victims to sites that spoof the actual SBA login page:
404 – page not found
When checked Thur., the main site the campaign was sending victims to resolved a ‘404 – page not found’ error.
CISA is warning users to be on the lookout for the following features in an email:
- A subject line, SBA Application – Review & Proceed
- A sender, marked as disastercustomerservice@sba[.]gov
- Text in the email body urging the recipient to click on a hyperlink to address:
- The domain resolves to IP address: 162.214.104[.]246
To make sure no one at any organisation falls victim to the phishing attack, CISA is encouraging administrators follow many of the same best practices it recommends year-round.
Admins should ensure users exercise caution when opening email attachments, ensure systems have the latest security updates, & disable file & printer sharing services if they have not already done so.
Attackers have focused on SBA loan scams since the pandemic started.
The US Federal Trade Commission warned about scams looking to get business owners bank account numbers, employees’ Social Security nos. & money in April.
In May, the SBA’s Office of Inspector General posted a series of warnings around emerging fraud schemes. The OIG suggested people ensure emails from the SBA came from accounts ending with sba.gov, check that any application numbers are consistent between emails, & suspect fraud if anyone contacts promising a loan approval.