The Cybersecurity and Infrastructure Security Agency, a division of the Department of Homeland Security, is tracking a malicious cyber actor who is spoofing the Small Business Administration (SBA) COVID-19 loan relief webpage using phishing emails. These emails include a malicious link to the spoofed SBA website, which the cyber actor is using to steal credentials (user name and password). The image below is a sample of one of the phishing emails and includes:
- Subject line:SBA Application – Review and Proceed
- Sender: Disastercustomerservice@sba[.]gov
- Email text: Urges the recipient to click on a hyperlink to address:
- The domain resolves to IP address: 162.214.104[.]246
Content source and for more information, visit: https://us-cert.cisa.gov/ncas/alerts/aa20-225a
Use caution if you receive emails appearing to come from the SBA. It is best to go directly to the SBA’s website for information.