The Department of Homeland Security’s cyber agency on Wednesday warned of a fake COVID-19 Small Business Administration loan website.
“The Cybersecurity and Infrastructure Security Agency (CISA) is currently tracking an unknown malicious cyber actor who is spoofing the Small Business Administration (SBA) COVID-19 loan relief webpage via phishing emails,” CISA wrote in an alert. “These emails include a malicious link to the spoofed SBA website that the cyber actor is using for malicious re-directs and credential-stealing.”
The phishing emails consist of the subject line “SBA Application – Review and Proceed,” with firstname.lastname@example.org as the sender. Text prompts the recipient to click a hyperlink leading to a login page for the credential theft.
The CARES Act COVID-19 package, signed into law in March, included $650 million in loans for small businesses with fewer than 500 employees.
SBA Chief Information Officer Maria Roat in April said SBA’s security operations team had taken down eight fraudulent websites and two Twitter accounts that were imitating their administrator.
© 2021 Newsmax. All rights reserved.