The US Small Business Administration (SBA) has been offering loans to businesses and other groups affected by the COVID-19 crisis. Cybercriminals have taken advantage of the outbreak and of the new processes set up by the SBA, using malware and spoofed emails to target organizations applying for financial relief.
At least three different categories of phishing emails have been identified since the start of the pandemic.
- In April, emails with malicious attachments such as “SBA_Disaster_Application_Confirmation_Documents_COVID_Relief.img” were sent out, prompting recipients to complete a grant application for small business disaster assistance. Hidden in the files was malware such as GuLoader, which downloads a payload of the attacker’s choice while attempting to evade antivirus detection.
- A second wave of emails followed, claiming to be from the Office of Disaster Assistance. These emails explained that the application had been approved and invited the recipient to click a button to review the funding process. The link led to a phishing page that asked for account credentials, which could be used to scam the recipient in the future.
- A third set of malicious emails was spotted earlier this month asking the recipient to fill out an attached form – soliciting personal, financial and bank account details – in the guise of an application for disaster loan assistance.
In all of these attacks, the criminals used SBA branding and made the emails look as if they came from the SBA.
These are just a selection of the recent attacks, and cybercriminals are continually looking for new ways to scam people. If you or your organization has applied for, or is considering applying for, SBA relief, here are some tips to help you avoid falling for a cyber attack.
Check the legitimacy of emails
Beware of the sender’s email address: it can be spoofed to look exactly the same as that of the person or organization the attacker wants you to believe it is from. Many email clients let you view the header information for each message. In Microsoft Outlook, for example, click the File menu and then Properties. In the Internet headers section, the Received entry displays a host name; if this has nothing to do with the SBA or the source you believe the email to be from, there is a good chance it is malicious.
Review URLs before submitting any information
Hover over the address before you click. If the text that appears is not connected at all to the SBA, it is likely to be a phishing attack.
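The two checks above (Received host names and the real target behind a link) can also be run on a saved message. The following Python sketch is an added example, not part of the original article; the sample message, its hosts and its sender address are constructed, and `sba.gov` as the expected domain is an assumption of the example.

```python
import re
from email import message_from_string
from html.parser import HTMLParser
from urllib.parse import urlsplit

EXPECTED = "sba.gov"  # assumption: domain the message claims to come from

# Constructed sample message; all hosts and addresses are placeholders.
SAMPLE = """\
Received: from mail.bulk-sender.example.net (mail.bulk-sender.example.net [203.0.113.7])
\tby mx.recipient.example.org with ESMTP; Mon, 10 Aug 2020 09:12:01 -0700
From: "SBA Office of Disaster Assistance" <notifications@sba.gov>
Subject: Your application
MIME-Version: 1.0
Content-Type: text/html; charset="utf-8"

<p>Review: <a href="https://sba.gov.login.example.net/review">https://www.sba.gov/review</a></p>
"""

def in_domain(host, domain=EXPECTED):
    """True for the domain or a true subdomain, not look-alikes such as sba.gov.login.example.net."""
    host = (host or "").lower().rstrip(".")
    return host == domain or host.endswith("." + domain)

class LinkCollector(HTMLParser):
    # Collects the real href targets, which can differ from the text shown to the reader.
    def __init__(self):
        super().__init__()
        self.hrefs = []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.hrefs += [v for k, v in attrs if k == "href" and v]

def review(raw, domain=EXPECTED):
    """Return (kind, host) findings for hosts unrelated to the expected domain."""
    msg, findings = message_from_string(raw), []
    for received in msg.get_all("Received", []):
        m = re.match(r"\s*from\s+(\S+)", received)  # host that handed the mail over
        if m and not in_domain(m.group(1), domain):
            findings.append(("received-host", m.group(1)))
    for part in msg.walk():
        if part.get_content_type() != "text/html":
            continue
        collector = LinkCollector()
        collector.feed(part.get_payload(decode=True).decode("utf-8", "replace"))
        for href in collector.hrefs:
            host = urlsplit(href).hostname
            if host and not in_domain(host, domain):
                findings.append(("link-host", host))
    return findings
```

Calling `review(SAMPLE)` returns the two hosts that are not under the expected domain. Real mail also passes through your own mail servers, so treat a finding as a reason to look closer at the message, not as proof on its own.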
Check the DOJ and SBA websites
Both the Department of Justice (DOJ) and the SBA list phishing attacks known to be in circulation on their websites. They also provide information and tips on how to steer clear of these types of attacks.
Double check the information
You can double check the legitimacy of any email by phoning the organization. However, take care to call the number on their website and not the number provided in the suspicious email as it could lead you straight to the fraudsters.
MAP CYBERSECURE can advise you and your employees on how to avoid malicious emails and other types of cyberattacks. Please contact Kevin Holmes firstname.lastname@example.org at 818-290-5858 or Dave Watts email@example.com at 323-606-7608 for additional information.