Scam Alert - Spoofed SBA Website

The Cybersecurity and Infrastructure Security Agency, a division of the Department of Homeland Security, is tracking a malicious cyber actor who is spoofing the Small Business Administration (SBA) COVID-19 loan relief webpage using phishing emails. These emails include a malicious link to the spoofed SBA website, which the cyber actor is using to steal credentials (user name and password). The image below is a sample of one of the phishing emails and includes:

SBA Spoof Alert

 

  • Subject line:SBA Application – Review and Proceed
  • Sender: Disastercustomerservice@sba[.]gov
  • Email text: Urges the recipient to click on a hyperlink to address:
    hxxps://leanproconsulting[.]com.br/gov/covid19relief/sba.gov
  • The domain resolves to IP address: 162.214.104[.]246

Content source and for more information, visit: https://us-cert.cisa.gov/ncas/alerts/aa20-225a

Use caution if you receive emails appearing to come from the SBA. It is best to go directly to the SBA’s website for information.